1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Australia: Hackers demand $10 million for stolen health data

November 10, 2022

The blackmailers have already uploaded sensitive records about treatments related to drug abuse, HIV and abortions. Health care company Medibank refused to pay the ransom.

Australian healthcare insurance company Medibank's logo visible on a store in Melbourne
Medibank has refused to pay the hackersImage: Diego Fedele/AAP/IMAGO

Hackers from a group that called itself "Extortion Gang" demanded a ransom of $10 million (€9.9 million) on Thursday to stop uploading private health records stolen from Australian health care company Medibank.

The request came after the group began uploading sensitive health details of hundreds of people on a dark web forum on Wednesday.

Medibank previously confirmed that the blackmailers had accessed the data of 9.7 million current and former clients of the company, including that of Australian Prime Minister Anthony Albanese.

The leaked records are about treatments related to drug abuse and HIV, as well as abortions.

What did Medibank say?

Medibank's CEO David Koczkar said the data dump was "disgraceful."

"The weaponization of people's private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community," he said.

Medibank has refused to pay the ransom. 

'Should not have happened'

Australia's Cybersecurity Minister Clare O'Neil said she was particularly disturbed by the leaking of abortion data. She called the move "morally irreprehensible."

"I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but, more importantly, as a woman, this should not have happened," O'Neil said in a statement to parliament on Wednesday.

She tried to assure Medibank users that the company and government services were on standby to support all customers should a larger data leak happen.

Thursday's development came after a data breach at Australian telecom company Optus in September, raising concerns about Australia's ability to defend itself against cyber threats and protect its residents' privacy.

mk/fb (AP, AFP)