Australian health insurance company Medibank warned customers on Wednesday that the ransomware group behind last month’s breach had leaked data stolen from its systems.
Medibank is one of the largest private health insurers in Australia, providing private health insurance and services to over 3.9 million customers.
The threat actors are linked to the REvil ransomware gang, and they have leaked a wide variety of information so far. This includes millions of Medibank customers’ private and health data and, according to WhatsApp screenshots, negotiation communications with the health insurer’s security operations team and CEO David Koczkar.
Medibank said that there’s no evidence the cybercriminals gained access to financial information (credit card and banking details), health claims data for extras services (like dental, optical, and psychology), or primary identity documents (like driver’s licenses).
The company also alerted its customers that the threat actors had published files online “believed to have been stolen” from its network, and that it expects the cybercriminals to continue releasing stolen data on their dark web leak website.
“This data includes personal data such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for ahm customers (not expiry dates), in some cases passport numbers for our international students (not expiry dates), and some health claims data,” Medibank said in a Twitter post.
“The files appear to be a sample of the data that we earlier determined was accessed by the criminal. We expect the criminal to continue to release files on the dark web,” the company added.
Medibank’s warning on Wednesday came after the company said in a press release on Monday that it wouldn’t pay the ransom demand made by the threat actors.
“Today, we’ve announced that no ransom payment will be made to the criminal responsible for this data theft,” the company said in the press release.
“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” the company added.