Sydney, Australia — Hackers leaking medical records stolen from a major Australian healthcare company said Thursday they are demanding $10 million to make it stop, about a dollar for each of their potential victims.
Medibank earlier this week confirmed the hackers had accessed information belonging to 9.7 million current and former clients, including Prime Minister Anthony Albanese.
A small sample of records posted by the hackers early Wednesday featured a “naughty list” of names that appeared to have undergone treatment for drug addiction, alcohol abuse and HIV.
Medibank on Thursday confirmed an “additional file” believed to contain customer data was uploaded to a “dark web” forum overnight.
The hackers used the same forum to detail their ransom demand.
“Society ask us about ransom, it’s 10 million USD,” the anonymous hackers posted on the forum.
“We can make discount… $1 = 1 customer.”
Medibank has repeatedly refused to pay the hackers.
“The release of this stolen data on the dark web is disgraceful,” chief executive David Koczkar said Thursday.
“The weaponization of people’s private information in an effort to extort payment is malicious and it is an attack on the most vulnerable members of our community”.
Home Affairs minister Clare O’Neil has described the hackers as “scummy criminals”.
“I cannot articulate the disgust I have for the scumbags who are at the heart of this criminal act,” she told parliament on Wednesday.
Medibank is Australia’s largest private health insurer and the hack is likely to include some of the country’s most influential and wealthy individuals.
The hackers had previously threatened to sell the data of 1,000 high-profile Australians if the company did not pay an undisclosed ransom.
The “sample” selection of customer data posted to the dark web on Wednesday included names, birth dates, passport numbers and information on medical claims for hundreds of customers.