THE SQUIZ
Medibank says the data of 200 customers posted to the dark web yesterday includes names, addresses, birth dates, phone numbers, email addresses, passport and Medicare numbers, and details of health claims. Yesterday, 2 files labelled the ‘good list’ and the ‘naughty list’ were posted by cybercriminals online. People on the ‘naughty’ list are said to be customers with “well-known surnames” who have undergone treatment for drug/alcohol and mental health issues. And the ‘nice’ list was mostly about elderly customers’ surgeries. Medibank boss David Koczkar’s mobile number was also released, along with the company’s correspondence about how it was handling the hack. Experts say that indicates the hackers have had access to Medibank’s IT systems for several weeks, including executives’ emails and WhatsApp messages.

YIKES…
And it’s still not clear who’s behind the attack… What is known is the information was posted on a site run by REvil, a collection of Russian-based ransomware criminals responsible for several international attacks over the years. Russian authorities said the group was disbanded and charged in January, but experts believe some members remain active. As for what’s next, the hackers said yesterday that they’ll “continue posting data partially” as they sort through the information they stole. Medibank said it doesn’t believe that’s an idle threat as the hackers press the company for a ransom to be paid. But the company is sticking to its plan following government and cybersecurity advice that a payment wouldn’t guarantee the safety of information – and could even encourage future hacks in Australia.

SO WHAT DO I DO IF I’M A CUSTOMER?
It’s a question that even PM Anthony Albanese and Home Affairs Minister Clare O’Neil would be asking – they’re both Medibank customers. To recap: the hackers accessed the details of 9.7 million customers, so every customer has a chance of their details leaking. Federal Police stepped it up – they have expanded ‘Operation Guardian’ and will monitor the dark web “for the sale and distribution of Medibank Private and Optus data”. Meanwhile, O’Neil says Medibank customers should be on “high alert” for scammers trying to blackmail them. Data breach expert Troy Hunt says customers should verify the identity of unknown callers and people in text messages, saying “if you’re unsure, hang up and go to medibank.com.au”. If you’re worried, here’s some advice.