Australia-based insurance firm Medibank has confirmed that it suffered a security breach by BlogXX threat actors, resulting in unauthorized access to 9.7 million customer records. BlogXX is an offshoot of the REvil ransomware group, which was shut down by law enforcement in 2021.
The 9.7 million customer records captured by the threat actors in this ransomware attack include personal information such as name, surname, date of birth, full address, phone number, and email address. The captured data also includes the Medicare numbers of customers, passport numbers, and visa details of international student customers. After the data breach, the Medibank security team announced that it had detected ransomware on its systems on October 12, 2022, and that the affected systems were isolated. The BlogXX threat actors are known to have threatened to leak the captured data if the ransom was not paid, but Medibank refused to pay.
With more than 3.9 million customers and 4,000 employees, Medibank is among Australia’s largest private health insurance providers. Every day, many institutions and organizations, large and small alike, are targeted by ransomware attacks. In this context, the following measures are recommended to avoid becoming the target of similar attacks:
- Emails, attachments, and files/links from suspicious or unknown parties should not be trusted.
- File, software, and program downloads must be performed from legitimate and official sources.
- Current and comprehensive security solutions should be used.
- Systems and applications should be kept at the latest version.