Medibank data theft & extortion (sensitive health data leaked)
What happened
In October 2022 Medibank, one of Australia's largest private health insurers, disclosed that an intruder had accessed its systems and stolen the personal and sensitive health information of roughly 9.7 million current and former customers. Investigators later established that a criminal used stolen credentials to move through Medibank's network and exfiltrate a large volume of data, including names, dates of birth, addresses, Medicare numbers and detailed health claims information.
The attacker demanded a ransom. According to SBS News, the criminals sought about US$10 million, framed as roughly one US dollar per affected customer, in exchange for not publishing the data. Medibank refused to pay, a stance backed by the Australian government's policy against paying extortion demands. In response, the perpetrators released the stolen records on the dark web in stages, including files containing sensitive medical details such as records of pregnancy terminations, exposing victims to identity theft, extortion and serious distress.
On 23 January 2024 the Australian government used its cyber sanctions framework to name and designate Russian national Aleksandr Ermakov over the breach, the first use of those powers. The U.S. Treasury and the United Kingdom announced parallel sanctions. Authorities, including the Australian Signals Directorate and the Australian Federal Police, linked Ermakov to the REvil ransomware ecosystem. The measures impose a travel ban and make dealing with his assets a criminal offence.
Assessment
The available evidence supports treating this as financially motivated cybercrime and extortion, not a Russian state operation. The confirmed element is the sanctions designation: three governments named Aleksandr Ermakov, a Russia-based criminal tied to the REvil ecosystem. No public evidence establishes direction or tasking by the Russian state; Western statements instead criticise Russia for harbouring such actors. The case is significant for the scale of sensitive health data exposed and as Australia's first use of autonomous cyber sanctions against a named individual.
This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.