Additional data from the Medibank breach has been published on the dark web, a statement from the private health insurer’s website confirmed Thursday.
Medibank said it was aware that the criminal responsible for the breach released another file containing customer data on a dark web forum, with CEO David Koczkar calling this latest move “disgraceful.”
“We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers,” he said. “We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.”
Although Medibank did not confirm what the latest leaked file contained, a report from the BBC claimed it was a file with information on pregnancy terminations. The same report revealed that a previous leak exposed customers’ health claims data, which included medical procedure history, as well as names, addresses, birthdates, and government ID numbers.
To support customers affected by the breach, Medibank said it has established a dedicated cyber response program that includes mental health and wellbeing support, identity protection and financial hardship measures.
“The weaponisation of people’s private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community,” Koczkar added. “These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.”
Previous reports have linked the Medibank data breach to Russian-speaking ransomwear group REvil.