Hacked Australian Health Insurer Data Posted to Dark Web

tech.hindustantimes.com:

Data stolen from an Australian health insurer, including the names, addresses and birthdates of hundreds of customers, has been posted to a forum on the so-called dark web.

The files appear to be a sample of the data that was accessed, Medibank Private Ltd. said in a statement Wednesday. The company expects more data to be released, after earlier this week saying the hackers exposed information of around 9.7 million people.

The release of the personal information comes after a vast data leak at Singapore Telecommunications Ltd.'s Optus unit in September, which exposed the details of as many as 10 million customers. Other recent hacks on pathology services provider Australian Clinical Labs Ltd. and Woolworths Ltd. subsidiary MyDeal have raised concern Australian companies aren't doing enough to protect customer data.

The hackers warned early Tuesday that they would release the data within 24 hours, a day after the Melbourne-based company said it wouldn't pay a ransom because that would only encourage further crime. The leaked data contained details of about 100 customers including their treatments for cannabis dependence, alcohol abuse, anxiety, and drug use, the Australian Financial Review reported.

Medibank's data breach could cost the company more than A$200 million ($129 million), according to Bloomberg Intelligence analysts Matt Ingram and Jack Baxter. The health insurer, which has already delayed premium increases for affected customers, could face compensation of A$500 to A$20,000 for affected policyholders, the analysts said.

Medibank shares rose 0.7% in afternoon trading in Sydney Wednesday. The stock has slumped around 20% since the hack was first detected just under a month ago, wiping about A$2 billion