Cyber-threat posts medical information to show details of abortion and addiction treatment.
A cyber-threat is demanding almost $10 million to stop leaking medical records of Australians caught in one of Australia’s worst cyber-attacks.
In a message posted on the dark web early Thursday morning, the hacker said he was demanding $1 from Medibank, Australia’s largest private health insurer, for each of the 9.7 million customers affected by last month’s massive data breach.
The cybercrime or criminal organization also released information earlier this week purporting to link clients to abortions, addiction, A cybercrime organization has posted a “stupid list” after it released a list of clients receiving treatment for mental health issues and HIV.
Local media have linked a dark web forum used to upload hacked data to the criminal group REvil, which Russian authorities said was shut down earlier this year at the request of the United States.
Medibank CEO David Koczkar on Thursday condemned the hacker’s actions as “shameful” while apologizing to customers.
“We are committed to fully transparent communication with customers, and we will communicate with customers who release data on the dark web,” Koczkar said.
“Weaponizing people’s personal information in an attempt to intimidate payments is dangerous and an attack on the most vulnerable members of our community.”
Medibank, citing advice from cybercrime experts, said it was uncertain whether Medibank would recover customer data and could have “a way to put people at risk” by making Australia a bigger target.
The Australian Federal Police, which is investigating the cyber attack, has warned that simply downloading or accessing the data could constitute a crime.
Home Secretary Clare O’Neil described the hackers as “thugs”.
“I cannot express the disgust I feel for the scoundrels who were at the center of this crime,” O’Neill said in parliament on Wednesday.
The cyber attack, which began last month, is the latest in a series of massive data breaches to rock Australia.
Optus, Australia’s second-largest telecoms provider, announced in September that a cyber attack on the company had compromised the data of up to 10 million customers.