
A cyber extortionist posts medical information, purporting to show details about abortions, HIV and addiction treatment.
A cyber extortionist has demanded nearly $10 million to stop leaking the medical records of Australians caught up in one of the worst cyber attacks ever.
In a message posted on the dark web early Thursday morning, the hacker said he was demanding $1 from Medibank, Australia’s largest private health insurer, for each of the 9.7 million customers affected by last month’s massive data breach.
The cybercriminal or criminal organization has also released information purporting to link clients to their abortions, after publishing a “naughty list” earlier this week showing clients who had been treated for addiction, mental health issues and HIV.
Local media have linked a dark web forum used to post hacked data to the criminal group REvil, which Russian authorities said they shut down earlier this year at the request of the United States.
Medibank CEO David Koczkar on Thursday condemned the hacker’s actions as “shameful” and reiterated his apology to customers.
“We remain committed to full and transparent communication with our customers and will be reaching out to customers whose data has been published on the dark web,” Koczkar said.
“Weaponizing people’s private information to extract payment is malicious and an attack on the most vulnerable members of our community.”
Medibank refused to pay the ransom, citing advice from cybercrime experts that it would not ensure the return of customer information and could “harm more people by making Australia a bigger target”.
Australian Federal Police investigating the cyber attack have warned that downloading or even simply accessing the data could be a criminal offence.
Home Secretary Clare O’Neil described the hackers as “low-cost criminals”.
“I cannot express the disgust I feel for the scoundrels who are at the heart of this criminal act,” O’Neil told parliament on Wednesday.
The cyber attack, which first came to light last month, is the latest in a series of major data breaches to rock Australia.
Optus, Australia’s second largest telecommunications provider, announced in September that up to 10 million accounts were compromised in a cyber attack against the company.