SYDNEY, (Reuters) – Australia’s biggest health insurer Medibank Private Ltd (MPL.AX), recently hit by a massive cyber hack, said on Wednesday the hacker could release more stolen data after the company refused to make ransom payments.
Some names, addresses, phone numbers, email addresses, passport numbers of international students and health claims data stolen from Medibank’s systems have already been released on a dark web forum, the company said in a statement. “We expect the criminal to continue to release files on the dark web,” it added.
Local media has reported the stolen data was posted on a blog linked to ransomware crime group REvil, which some experts say has links to Russia.
Prime Minister Anthony Albanese said his government was working with investigators on the cyber hack, the latest in a string of data breaches which have rocked corporate Australia. “This is really tough for people. I’m a Medibank private customer as well, and it will be of concern that some of this information has been put out there,” Albanese said during a media briefing.
It was not immediately clear whether the hacker has access to the prime minister’s medical or personal details.
Data of around 9.7 million current and former customers were compromised, Medibank has said.
Medibank shares have plunged 22% since the hack was revealed by the company on Oct. 13. Shares were up nearly 2% in late morning trade on Wednesday. Medibank’s decision not to pay a ransom is consistent with the government’s advice, Federal Cyber Security Minister Clare O’Neil said in a statement on Wednesday. She urged impacted customers to be on high alert for extortion attempts.
Medibank Chief Executive David Koczkar described the incident as “a criminal act” on Wednesday.
Australia has seen a spike in cyber attacks with at least eight companies, including Singapore Telecommunications-owned (STEL.SI) telecoms company Optus, reporting breaches since September.
Technology experts have said Australia has become a target for hackers just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop attacks.