Hackers say they’ve obtained data from Medibank and have threatened to release the private medical information of high-profile Australians if a ransom isn’t paid.
According to a new report from the Sydney Morning Herald, the unknown hackers claim to have 200 gigabytes of data from Medibank (including credit card numbers), following from the private health insurer last week revealing it had fallen victim to a ‘cyber incident’.
And while the threatening message sent to Medibank is in broken English, it’s clear the hackers believe threats about Australians in the public eye are the best way to ensure a ransom is paid. The message to Medibank, which also owns the health insurance brand AHM, specifically includes threats to release private medical information about politicians, actors, bloggers and LGBT activists:
We offer to start negotiations in another case we will start realising our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from yourdatabase (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.
While the term “most followers” could have a few different meanings, it likely relates to the number of people who follow high-profile Australians on social media platforms like Twitter, Instagram and Facebook. Medibank has not made public how much money the hackers have asked for, but they did tell shareholders yesterday that it was “working urgently to establish if the claim is true”. It added “based on our ongoing forensic investigation, we are treating the matter seriously at this time”.
Curiously, Medibank reported the incident on October 13, but said at the time there was no evidence that any sensitive customer data had been compromised.
This article has been updated since it was first published.