Hackers responsible for an attack on Australian insurance company Medibank said they demanded US$9.7 million (€9.6 million) for not disclosing customers’ medical data.
The group, calling itself the “Extortion Gang”, said it demanded one dollar (0.99 euro cents) for the stolen record from each of Medibank’s 9.7 million current and former customers.
The group published clinical data on the dark web of hundreds of clients who underwent pregnancy termination and warned that it will continue to disclose private medical information until it is rescued.
The clinical data of HIV-positive patients or drug addicts were part of the information already exposed on Wednesday, along with identity, passport numbers, dates of birth, addresses and medical information.
Medibank CEO David Koczkar condemned the release of the information: “The use of people’s private information as weapons in an effort to extort payment is malicious and is an attack on the most vulnerable members of our community.” .
Australia’s Cyber Security Minister Clare O’Neil, a client of Medibank, called the attack on women who had terminated their pregnancies “morally reprehensible”.
Medibank and government services are ready to help any customer in need, even if there is a “big data release,” O’Neil added.
Initially, the hackers allegedly threatened to expose celebrity clients’ diagnoses and treatments unless a ransom of an undisclosed amount was paid.
For its part, Medibank considered that there was a “limited possibility” that the rescue would prevent the publication of the data.
Medibank has updated its estimate of the number of people affected by the cyberattack from four million two weeks ago to 9.7 million this week.
Source: TSF
