The attack was first known in October. At the time, it was unclear how much data the hackers had gotten their hands on and what kind of ransom they were demanding. Medibank did not play by the rules of the criminals and they released the initial information of the company’s customers.

Millions of customers are now exposed

According to Medibank, in addition to medical information, archives stolen include:

• Personal data – names, addresses, dates of birth, phone numbers, email addresses.
• Medicare numbers for clients.
• Passport numbers of foreign students in some cases.
• Some health data, such as information about drug addiction and treatment for eating disorders.

Company He believes all his 3.9 million customers’ data has been compromised. If you include former customers, this number could reach nearly 10 million. The overall extent of the leak is still unclear. Hackers will likely continue to send more stolen data if they don’t keep getting paid.

Interestingly, Medibank initially reassured its clients that despite the breach, no data was compromised. It also turned out that the company does not have insurance against cyber attacks, so it will now have to pay millions to affected customers if they go to court.

Who is behind this?

The attackers have so far refused to reveal their identities. They don’t even give a “collective nickname”. The only catch at the moment, BleepingComputer, is that the website of the now-defunct Russian group REvil is redirecting to an anonymous hacker blog. They write “broken English” in it I recommend to sell Medibank shares. In addition, the ransom they demanded is said to be 10 million dollars.