The hackers responsible for a cyber attack against Australian health insurer Medibank have been identified by the Australian Federal Police (AFP) as being associated with Russia.
The breach, which was initially identified on October 13, saw 200GB of data stolen, 9.7 million people affected and the private medical details for a significant number of people distributed on the dark web.
Commissioner of the AFP, Reese Kershaw, directly addressed the hackers, saying “we know who you are”. He also said that the AFP believed they had identified which gang was behind the cyber attack, but that they do not current plan to reveal this information.
The AFP identified the hackers while working with Interpol, who Russia will be accountable to. This confirms what has been potentially suspected about the data breach since messages from the hacker were posted on a dark web site backed by Russian ransomware gang REvil.
“Our intelligence points to a group of loosely affiliated cybercriminals who are likely responsible for past significant breaches in countries across the world,” Kershaw said.
“These cybercriminals are operating like a business, with affiliates and associates who are supporting the business.
“To the criminals – we know who you are and, moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system.”
The commissioner said that the AFP will be talking with Russian law enforcement about the people they had identified, although they did note that this does not necessarily mean all of those involved in the cyber attack are based in Russia.
Kershaw said the AFP is also “scouring the dark web” for any evidence of malicious actors using the leaked data for wrongdoing and that they would take “swift action” against anyone who attempts to “benefit, exploit or commit criminal offences using stolen Medibank customer data”.
Regarding the release of private data on the dark web, CEO of Medibank, David Koczkar, said: “I unreservedly apologize to our customers. The continued release of this stolen data on the dark web is disgraceful. Unfortunately, we expect the criminal to continue to release stolen customer data each day.
“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care. It is obvious the criminal is enjoying the notoriety. Our single focus is the health and wellbeing and care of our customers.”
Koczkar continued: “We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.”
23 November 2022
Online Event | Time 10:00 AM to 12:15 PM AEST
29 November, 2022
November 30, 2022
December 06 – 07, 2022
Hilton London Canary Wharf
13 December, 2022
January 17, 2023
Free CS Hub Online Event
Insights from the world’s foremost thought leaders delivered to your inbox.
11:00 AM – 12:00 PM SGT
11:00 AM – 12:00 PM EST
11:00 AM – 12:00 PM SGT
Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market.
Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.
Cyber Security Hub, a division of IQPC
Become a Member today!
Already an IQPC Community Member?
Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.
We respect your privacy, by clicking ‘Subscribe’ you will receive our e-newsletter, including information on Podcasts, Webinars, event discounts, online learning opportunities and agree to our User Agreement. You have the right to object. For further information on how we process and monitor your personal data click here. You can unsubscribe at any time.