The rest of the customer data stolen in the Medibank ransomware attack appears to have been published online.
REvil, the group behind the attack on the Australian health insurance company, posted an update to its blog earlier this week stating “Happy Cyber Security Day!!! Folder full added. Case closed,” TechCrunch reports.
Since the post went up, the blog has become unavailable, making it impossible to independently confirm the authenticity of the files posted. However, Medibank said the folder contained six raw data files compressed into an archive. A total of six gigabytes of data has been posted, making this the largest Medibank leak to date.
No financial data included
Medibank said it was analyzing the data posted, but added that it “appears to be the data we thought the criminal stole”.
“While our investigation continues, there are currently no signs that any financial or banking information has been compromised. And the stolen personal data alone is not enough to enable identity and financial fraud. The raw data we have analyzed so far is incomplete and difficult to understand,” Medibank wrote in an update.
The company concluded that it expects REvil to continue releasing files on the dark web, despite the group’s claims that everything has already been leaked.
Medibank fell victim to the ransomware attack by REvil, a group allegedly associated with the Russian government, at the end of October 2022.
After the initial investigation, it was said that information about 9.7 million customers came from enterprise endpoints, as well as data on health claims related to half a million others.
The company’s CEO David Koczkar later clarified via LinkedIn the type of data obtained: “The criminal did not have access to credit card and banking information or health claims data for additional services,” he said.
It would later emerge that REvil had customers’ names, dates of birth, passport numbers, medical claims information, and sensitive files related to abortions and alcohol-related illnesses. It also demanded a $9.7 million ransom, one dollar for each customer.
Via: TechCrunch