Hacker demands $10m to stop disclosing Australians’ medical records | Cybercrime News


A cyber extortionist publishes medical information claiming to show details of abortions and treatments for addiction, HIV.

A cyber extortionist has demanded nearly $10 million to stop releasing the medical records of Australians caught up in one of the country’s worst cyberattacks.

In a post on the dark web early Thursday morning, the hacker said he was demanding $1 from Medibank, Australia’s largest private insurer, for each of the 9.7 million customers affected by a massive data breach last month.

The cybercriminal or criminal organization has also released information claiming to link clients to their abortions, after earlier this week publishing a ‘cheeky list’ appearing to show clients who have received treatment for drug addiction, mental health issues and HIV.

Local media have linked the dark web forum used to post the hacked data to the criminal group REvil, which Russian authorities said they shut down earlier this year at the request of the United States.

Medibank CEO David Koczkar on Thursday condemned the hacker’s actions as “shameful” while reiterating his apologies to customers.

“We remain committed to communicating fully and transparently with customers and will contact customers whose data has been posted on the dark web,” Koczkar said.

“Weaponizing people’s private information for the purpose of extorting payment is malicious and an attack on the most vulnerable members of our community.”

Medibank refused to pay the ransom, citing advice from cybercrime experts that doing so would not guarantee the return of customer information and could put “more people at risk by making Australia a bigger target”.

The Australian Federal Police, which is investigating the cyberattack, warned that downloading or even simply accessing the data could be a criminal offence.

Home Secretary Clare O’Neil called the hackers “filthy criminals”.

“I cannot express the disgust I have for the scumbags who are at the heart of this criminal act,” O’Neil told parliament on Wednesday.

The cyberattack, which first came to light last month, is the latest in a series of major data breaches to rock Australia.

Optus, Australia’s second-largest telecommunications provider, announced in September that the data of up to 10 million customers had been compromised in a cyberattack on the company.

