Key points
- The development comes after Medibank refused to pay a ransom the hackers were demanding.
- Customers' personal data has been shared on the hackers' dark web group.
- Medibank said it expected the criminals would continue to release files on the dark web.
Medibank has warned more customer data stolen by hackers, including passport numbers, will be uploaded to the dark web after the first files were dropped overnight.
The data trickle includes names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank's ahm customers and passport numbers for international student clients.
There are grave concerns digital criminals will exploit the data, which began appearing on a ransomware group's blog in the early hours of Wednesday under "good-list" and "naughty-list".
"The files appear to be a sample of the data that we earlier determined was accessed by the criminal," Medibank said on Wednesday.
"We expect the criminal to continue to release files on the dark web."
A ransomware group has begun posting client data stolen from Australia's largest health insurer on the dark web. Source: Getty / Scott Barbour
"We unreservedly apologise to our customers," CEO David Koczkar said.
"This is a criminal act designed to harm our customers and cause distress."
The Australian Federal Police have expanded their joint initiative with state and territory police set up to investigate September's Optus data breach to also target the Medibank hack.
"Operation Guardian will be actively monitoring the clear, dark and deep web for the sale and distribution of Medibank Private and Optus data," AFP Assistant Commissioner Cyber Command Justine Gough said.
"This is not just an attack on an Australian business. Law enforcement agencies across the globe know this a crime type that is borderless and requires evidence and capabilities to be shared."
'They're scumbags'
Prime Minister Anthony Albanese, who has publicly revealed he is a Medibank client, said it was a "tough" time for the insurer's customers.
"The company has followed the guidelines effectively," he told reporters in Canberra.
"We are concerned and we will continue to monitor what is occurring.
"We need to keep people's information as safe as possible. There has been a real wake-up call for corporate Australia with both this breach and also the Optus breach."
Assistant Treasurer Stephen Jones branded the hackers "scumbags".
"They're scumbags, they're crooks, they're criminals and we shouldn't be paying ransom," he told Sky News on Wednesday.
Medibank had rejected hacker demands it pay a ransom in return for the data not being released.
The ransomware group indicated, according to the post seen by AAP, it was releasing data bit by bit because of its complexity.
"Looking back that data is stored not very understandable format (table dumps) we'll take some time to sort it out," the post accompanying the lists said.
"We'll continue posting data partially, need some time to do it pretty."
The hackers also appeared to have released screenshots of private messages recently exchanged with Medibank representatives.
Medibank has previously confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the unnamed group hacked into its system weeks ago.
Some 9.7 million current and former customers have been affected.
No credit card or banking details were accessed.
