Medibank, one of the country's largest private health insurers, told its investors that a "sample" of data from its roughly 9.7 million customers had been posted on a "dark web forum".

The company expects further leaks.

Names, passport numbers, dates of birth, addresses and medical information are among the personal data posted anonymously on Wednesday morning.

The victims were divided into a list of "good guys" and "bad guys".

Several people on the "villains" list were associated with numerical codes linking them to drug addiction, alcoholism and HIV.

A file included for example the indication "p_diag: F122".

F122 is the code for "cannabis dependence" according to the International Classification of Diseases published by the World Health Organization.

Australian Prime Minister Anthony Albanese, himself a Medibank client, likened the cyberattack to a "warning shot" for Australian businesses.

The leaked data was posted on a dark web forum, which cannot be found using regular browsers.

Medibank, which offers private health insurance to Australians wishing to supplement the public universal health system, informed the Australian Securities Exchange of the leak shortly before the opening of the Exchange.

"The files appear to be a sample of data that we previously determined was accessed" by the hacker, the company said in a statement.

"We expect the (hijacker) to continue posting files on the dark web," she continued.

Possible Russian links

The hackers followed through on their threat, after warning they would release the data if Medibank did not pay them an undisclosed ransom.

“PS: I recommend selling Medibank shares,” the hackers wrote on a forum some 24 hours before the first sample data was released.

Medibank, backed by the Australian federal government, refused on Tuesday to grant their request, advising its customers to remain "vigilant".

"Based on the extensive advice we have received from cybercrime experts, we believe that paying a ransom would only have a limited chance of securing the return of our customers' data and preventing its publication," it said. said Medibank boss David Koczkar.

The author of the hack has not yet been publicly identified.

Justine Gough of the Australian Federal Police believed it was the work of a "criminal group or criminal groups" who may be operating outside the country.

Sanjay Jha, chief scientist at the University of New South Wales' Institute of Cybersecurity, said it was difficult to attribute an attack to just one group.

However, he told AFP that the attack had some characteristics associated with a Russian hacking group called REvil, which has notably previously targeted Brazilian meat giant JBS and Lady Gaga.

An old REvil website, which was taken down by Russia this year, redirects to the dark web forum where Medibank data was leaked.

"Garbage"

The hackers have also posted what they say is a series of exchanges between them and representatives of Medibank.

“We will do everything in our power to inflict as much damage to you as possible, reputationally and financially,” a message read.

This security breach has already cost Medibank's market valuation hundreds of millions of dollars.

The company's share price has plunged 20% since October, when information about the data leak first emerged.

Australian treasury aide Stephen Jones called the hackers "garbage" and "swindlers".

"We shouldn't give in to these fraudsters," he told Sky News Australia.

As Medibank struggled to contain the leak, it also found itself threatened by potentially costly class action lawsuits.

Two law firms announced on Tuesday that they have joined forces to investigate whether Medibank breached its customer privacy obligations under Australian law.

© 2022 AFP