Leaked emails between Medibank and Russian hackers – posted to Reddit – show how the company attempted to protect stolen data after breach.
New leaked emails between Medibank and Russian hackers show how the insurance company tried to negotiate to retrieve stolen data before ultimately refusing the hackers’ $15 million ransom demand.
The emails were part of a massive data leak uploaded to the dark web by the hackers, who then declared the ‘case closed’. Screenshots were later uploaded to Reddit, showing correspondence between the two parties.
The Medibank data contained highly sensitive information, including not only names and contact information but also passport numbers, Medicare numbers, and, in many cases, confidential health information about diagnosis procedures.
In the alleged email exchange, representatives from Medibank attempt to confirm the amount and type of data breached. The hackers then explain how they hacked the data and present their demands, along with threats against the company.
“In addition to informing, we will also drop the link to a public source where the data is published so that it would be easier for them to form a lawsuit, we will regularly post data every day and support the news feed. We will also get a secondary benefit from posting data in the form of hype about our affiliate program,” they add.
When Medibank representatives explained that Australian laws required them to keep all stakeholders informed, the hackers replied: “We are interested in getting money, not destroying your company.”
Ultimately, however, the company decided not to pay the ransom, explaining in an email: “After considering all options, we have made a decision that we cannot pay your demand. It is also Australian government policy that ransoms should not be paid. We understand the impact this may have.”
On Thursday, December 1st, Medibank confirmed that the stolen data had been uploaded to the dark web overnight. The insurance company also assured people that it was working with authorities to ‘ensure our customers are supported.’
Medibank first disclosed news of a ‘cyber incident’ in October, and revealed shortly after that it had been contacted by hackers claiming to be in possession of sensitive data.
We’re aware stolen Medibank customer data has been released on the dark web overnight. We’re in the process of analysing the data, but it appears to be the data we believed the criminal stole. https://t.co/fS0PCJppNx
— Medibank (@medibank) December 1, 2022