Hacker Demands 10 Million To Stop Leak Of Australians Medical Records Cybercrime News

A cyber extortionist has demanded almost $10 million to stop leaking the medical records of Australians involved in one of the country’s worst cyber attacks. In a message posted on the dark web early Thursday morning, the hacker said he was demanding $1 from Medibank, Australia’s largest private health insurer, for each of the 9.7 million customers affected by a massive data breach last month. The cybercriminal or criminal organization also released information purportedly linking clients to their abortions after earlier this week it released a “naughty list” that appeared to clients receiving treatment for addiction, mental health issues and HIV. Local media have linked the dark web forum used to post the hacked data to the REvil criminal group, which Russian authorities said they shut down earlier this year at the request of the United States. Medibank CEO David Koczkar on Thursday condemned the hacker’s actions as “disgraceful” while reiterating an apology to customers. “We remain committed to full and transparent communication with customers and will contact customers whose data has been published on the dark web,” Koczkar said. “Weaponizing people’s personal information in an attempt to extort payment is malicious and an attack on the most vulnerable members of our community.” Medibank refused to pay the ransom, citing advice from cybercrime experts that doing so would not ensure the return of customer information and could put “more people at risk by making Australia a bigger target”. The Australian Federal Police, which is investigating the cyberattack, has warned that downloading or even simply accessing the data could be a criminal offence. Home Secretary Clare O’Neil described the hackers as “rogue criminals”. “I cannot express my disgust for the scumbags at the center of this criminal act,” O’Neill told parliament on Wednesday. The cyber attack, first disclosed last month, is the latest in a series of major data breaches to rock Australia. Optus, Australia’s second largest telecommunications provider, announced in September that the data of up to 10 million customers had been compromised in a cyber attack against the company.