Medibank disclosed their data had been accessed on October 13. Initially, there was no evidence that data had been exfiltrated or ransomware deployed. Shortly after, they were contacted by a criminal saying they had stolen data and were demanding a ransom. Between then and now, the criminal has collated their stolen information while the company ensures its systems are secured and operational post-hack.
Now, since Wednesday morning in Australia, the criminal has begun releasing data, including email addresses, phone numbers, physical/postal addresses, Medicare numbers, names, dates of birth, passport numbers and visa details. Bank details and credit card numbers are not affected. The first waves of this data have come in groups of approximately 1,000 and relate to people who have had treatment for drug abuse, sexually-transmitted infections and abortions. This is no mistake: it aims to embarrass and panic customers of Medibank and to piggyback on current societal discussions, especially those happening overseas.
Are You a Customer of Medibank, Ahm or Their Companies?
If you are, or have previously been, a customer of Medibank or any of its subsidiaries, you should assume that your data is included in the breach. This data is most useful in impersonation (where a criminal will pose as you to support workers or service providers to gain access to other accounts or re-issue things like SIM cards), ransom (taking payment from you or the company in exchange for supposed deletion of this data) and sale to other criminals, presumably those who are in a position to use it to these ends.
Medibank are asking any concerned customers to contact them on 13 23 31. We strongly recommend that you use Multi-Factor Authentication on all online accounts that support it, and add a passphrase, secret PIN or on-the-spot text code to support calls with any company that supports it, including your internet service provider, mobile service, bank, medical providers and services like insurance and investments. These passwords or codes are new, and as such are not included in your stolen data, and should be requested and quoted any time your account is accessed going forward.
Additionally, consider adding details like your email address, name and/or phone number to sites like Firefox Monitor, haveibeenpwned.com and BitDefender Digital Identity Protection to notify you when your data is detected as it moves around the internet. While these services can only report retroactively and data has to be found and verified, they go a long way to ensuring you know and can act when your identity may be being abused online.
At the time of this email, over 500,000 records have been posted on the ‘dark web’ – a portion of the internet only directly accessible if you know an address to go to – for purchase and download by anyone.
We’re always happy to talk.
If you’d like further advice, have something to contribute, or would like to add to this story, please email firstname.lastname@example.org.
If you’re interested in more ways to keep your files, accounts and data safe, are a client, or would like to contact us, email or call us via phone during business hours.