Medibank Private being held to ransom after hack exposes 3.9 million customers

It’s another week and another data breach – this time Medibank Private have been hacked to the tune of 3.9 million customers data and are now being held to ransom by the attackers.

Initially Medibank Private said no sensitive data had been compromised but the hackers making the ransom demands claim they have obtained sensitive medical information.

The Sydney Morning Herald is reporting the hackers are threatening to release some of this sensitive information unless the health insurer pays a ransom.

In the message obtained by the Herald, it claims to have stolen 200GB of sensitive information and is threatening to contact the most well-known customers using their own personal information.

The message to Medibank Private that was obtained by the Sydney Morning Herald was written by a person for whom English is a second language.

The message reads:

“We offer to start negotiations in another case we will start realizing our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.”

Medibank private detected unusual activity on its network on October 12 and initially the company said no sensitive data or customer information had been stolen.

Earlier this week the Medibank Private share price had been put on hold as the company investigates the incident.

“Medibank is working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time,” the company said in a statement.

“As a health company providing health insurance and health services, Medibank holds a range of necessary personal information of customers.”