This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/australia-news/2022/nov/11/medibank-data-theft-hackers-release-records-they-claim-are-related-to-mental-health-and-alcohol-issues

The article has changed 5 times. There is an RSS feed of changes available.

Version 2 Version 3
Medibank data theft: hackers release records they claim are related to mental health and alcohol issues Medibank data theft: hackers release records they claim are related to mental health and alcohol issues
(3 months later)
Australian prime minister Anthony Albanese says release of stolen medical records is ‘reprehensible’Australian prime minister Anthony Albanese says release of stolen medical records is ‘reprehensible’
The hackers allegedly behind the Medibank data theft have released another file of apparently stolen medical records despite being warned the “smartest and toughest” people in Australia are coming after them.The hackers allegedly behind the Medibank data theft have released another file of apparently stolen medical records despite being warned the “smartest and toughest” people in Australia are coming after them.
The new release was “disgusting and … totally reprehensible,” the prime minister, Anthony Albanese, said on Friday morning.The new release was “disgusting and … totally reprehensible,” the prime minister, Anthony Albanese, said on Friday morning.
He said the government was doing all it could do to limit the impact of the data breach, and support people affected.He said the government was doing all it could do to limit the impact of the data breach, and support people affected.
“Added one more file Boozy.csv ...,” the ransomware group wrote in a blog update on the dark web in the early hours of Friday.“Added one more file Boozy.csv ...,” the ransomware group wrote in a blog update on the dark web in the early hours of Friday.
Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundupSign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup
Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundupSign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup
Around 240 customers who were included in the file were being contacted by Medibank on Friday. Included in the file are policy holders who have made claims related to the harmful use of alcohol.Around 240 customers who were included in the file were being contacted by Medibank on Friday. Included in the file are policy holders who have made claims related to the harmful use of alcohol.
It is understood some of the data included in the file indicates the person drinks alcohol and is not related to alcohol dependence or why they might have been admitted to hospital.It is understood some of the data included in the file indicates the person drinks alcohol and is not related to alcohol dependence or why they might have been admitted to hospital.
The file comes after a data dump on Thursday named “abortions.csv”.The file comes after a data dump on Thursday named “abortions.csv”.
“You telling that is disgusting (woof-woof), that we publish some data,” the hackers wrote on Friday in the blog.“You telling that is disgusting (woof-woof), that we publish some data,” the hackers wrote on Friday in the blog.
“But we warned you. we always keep our word, if we wouldn’t receive a ransom – we should post this data, because nobody will believe us in the future.”“But we warned you. we always keep our word, if we wouldn’t receive a ransom – we should post this data, because nobody will believe us in the future.”
The Medibank CEO, David Koczkar, said on Friday that customers who are concerned should call the cybercrime hotline, mental health support hotline, Beyond Blue, Lifeline or their GP.The Medibank CEO, David Koczkar, said on Friday that customers who are concerned should call the cybercrime hotline, mental health support hotline, Beyond Blue, Lifeline or their GP.
“I unreservedly apologise to our customers,” he said. “The continued release of this stolen data on the dark web is disgraceful.”“I unreservedly apologise to our customers,” he said. “The continued release of this stolen data on the dark web is disgraceful.”
He said he expected the data to continue to be leaked day by day.He said he expected the data to continue to be leaked day by day.
“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.”“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.”
The group claimed on Thursday it had demanded a ransom of US$1 for each of Medibank’s 9.7 million affected customers, for a total of US$9.7m (almost $15m).The group claimed on Thursday it had demanded a ransom of US$1 for each of Medibank’s 9.7 million affected customers, for a total of US$9.7m (almost $15m).
Albanese said the release of the data was “already incredibly distressing”.Albanese said the release of the data was “already incredibly distressing”.
“The fact that the information was published, going to very personal health details of Australian citizens, is disgusting and something that I think is just totally reprehensible and causing a great deal of distress in the community.”“The fact that the information was published, going to very personal health details of Australian citizens, is disgusting and something that I think is just totally reprehensible and causing a great deal of distress in the community.”
He said the government had met with state and territory governments and Medibank and agreed to establish a “one-stop shop” to help those affected find advice.He said the government had met with state and territory governments and Medibank and agreed to establish a “one-stop shop” to help those affected find advice.
He urged all Australians not to access the leaked data, let alone publish it, “because we need to provide a disincentive for this sort of criminal, disgusting behaviour”.He urged all Australians not to access the leaked data, let alone publish it, “because we need to provide a disincentive for this sort of criminal, disgusting behaviour”.
“We will get to the bottom of where this has come from [and] hold whoever is responsible for this to account.”“We will get to the bottom of where this has come from [and] hold whoever is responsible for this to account.”
Sign up to Guardian Australia's Afternoon UpdateSign up to Guardian Australia's Afternoon Update
Our Australian afternoon update email breaks down the key national and international stories of the day and why they matterOur Australian afternoon update email breaks down the key national and international stories of the day and why they matter
after newsletter promotion
On Thursday the home affairs minister, Clare O’Neil, told parliament the government was standing by Medibank customers, who were entitled to have their information kept private after the “morally reprehensible and criminal” attack.On Thursday the home affairs minister, Clare O’Neil, told parliament the government was standing by Medibank customers, who were entitled to have their information kept private after the “morally reprehensible and criminal” attack.
“I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming after you,” she said.“I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming after you,” she said.
The minister spoke with the Medibank chief executive twice on Thursday to “make clear” what was expected of Australia’s biggest health insurer and to ensure customers were adequately supported.The minister spoke with the Medibank chief executive twice on Thursday to “make clear” what was expected of Australia’s biggest health insurer and to ensure customers were adequately supported.
“I don’t want Australians to have to circulate 14 government departments or areas of Medibank in order to get what they deserve and need,” O’Neil said.“I don’t want Australians to have to circulate 14 government departments or areas of Medibank in order to get what they deserve and need,” O’Neil said.
“I received the assurance from Medibank ... that if a large data dump occurs, they are fully ready to provide services when and if they are needed to Australians who need them.”“I received the assurance from Medibank ... that if a large data dump occurs, they are fully ready to provide services when and if they are needed to Australians who need them.”
The first wave of files dropped on Wednesday included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank’s ahm customers, and passport numbers for international student clients.The first wave of files dropped on Wednesday included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank’s ahm customers, and passport numbers for international student clients.
Medibank has confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the group hacked into its system last month.Medibank has confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the group hacked into its system last month.
No credit card or banking details were accessed.No credit card or banking details were accessed.
Australian federal police investigators are working with international agencies, as well as state and territory police.Australian federal police investigators are working with international agencies, as well as state and territory police.
The opposition cybersecurity spokesman, James Paterson, said anyone who is contacted by a person purporting to have access to their data should immediately report it to authorities.The opposition cybersecurity spokesman, James Paterson, said anyone who is contacted by a person purporting to have access to their data should immediately report it to authorities.
Paterson has proposed a “safe harbour” provision – involving the nation’s cybersecurity agency, the Australian Signals Directorate – to give companies time in the immediate aftermath of an attack to respond to the crisis without worrying about legal and privacy ramifications.Paterson has proposed a “safe harbour” provision – involving the nation’s cybersecurity agency, the Australian Signals Directorate – to give companies time in the immediate aftermath of an attack to respond to the crisis without worrying about legal and privacy ramifications.
In Australia, support is available at Beyond Blue on 1300 22 4636, Lifeline on 13 11 14, and at MensLine on 1300 789 978. In the UK, the charity Mind is available on 0300 123 3393 and Childline on 0800 1111. In the US, Mental Health America is available on 800-273-8255In Australia, support is available at Beyond Blue on 1300 22 4636, Lifeline on 13 11 14, and at MensLine on 1300 789 978. In the UK, the charity Mind is available on 0300 123 3393 and Childline on 0800 1111. In the US, Mental Health America is available on 800-273-8255