Australian health insurer Medibank suffered a ransomware attack where the names, dates of birth, addresses, phone numbers and email addresses of 9,7 million customers is -allegedly- leaked. (Quite huge amount of data.)
In this ransomware attack, the victim's files are not encrypted but threatened to be exposed. The ransomware gang began to expose some information in the internet to be more persuasive that they really have the data.
Medibank refused to pay the ransom in order not to encourage such attacks. (Brave but risky decision which I think a correct decision.)
It is believed that the attack is carried on by the ransomware gans REvil or BlogXXX.
And yeah... It is seen one more time that cyber security is not a game or not an abstract concept. On the contrary, cyber threats are real and can have serious effects on our real lives.
https://www.theregister.com/2022/11/07/medibank_breach_n0_ransom_payment/
"Australian health insurer Medibank – which spent October discovering a security incident was worse than it first thought – has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers."
"Medibank also confirmed that primary identity documents, such as drivers licenses, were not accessed for most of its clients – but around 1.8 million international customers weren't so lucky and also had details of the visas that permit them to reside in Australia exposed. The Australian national health scheme (Medicare) ID numbers of 2.8 million customers were also leaked."
No comments:
Post a Comment