The Australian Federal Police have identified cyber criminals in Russia as the perpetrators of the Medibank hack that compromised the personal information of 9.7 million customers.
AFP Commissioner Reece Kershaw said the AFP would seek to speak to Russian law enforcement about the individuals involved, as he called on authorities in Moscow to co-operate with the investigation.
“It’s important to note that Russia benefits from the intelligence sharing and data shared through Interpol and with that comes responsibilities and accountabilities,” Mr Kershaw told reporters in Canberra.
Mr Kershaw said the AFP knew the identities of the individuals involved, but he would not name them on Friday.
He said Australian intelligence suggested the group of “loosely connected” criminals had been responsible for other significant data breaches in the past.
Authorities believe the group may be working with other cyber criminals around the world, he said.
“To the criminals, we know who you are,” Mr Kershaw said.
“And, moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system.”
He said the AFP and their international partner organisations wouldn’t give up until they had brought the perpetrators to justice.
“I know Australians are angry, distressed and seeking answers about the highly sensitive and deeply personal information that has been released by criminals who breached the Medibank Private database,” Mr Kershaw said.
Anthony Albanese foreshadowed Mr Kershaw’s announcement earlier on Friday.
The Prime Minister told reporters on the sidelines of a Remembrance Day ceremony that authorities were poised to reveal where the attack originated from.
“I’ve certainly authorised the AFP Commissioner later today to disclose where these attacks are coming from,” he said.
“We know where they’re coming from, we know who is responsible and we say that they should be held to account.”
A third wave of sensitive data stolen from Australia’s largest health insurer, including information about people’s mental health status and drug and alcohol use, was posted on the dark web overnight.
The group allegedly behind the hack posted the data of more than 240 people in a file titled “boozy”.
The data in the file is understood to include information about mental health and alcohol issues and follows the release of a file containing information on pregnancy terminations on Thursday.
“You telling that is disgusting (woof-woof), that we published some data. But we warned you, we always keep our word,” the hackers wrote.
“If we wouldn’t receive a ransom – we should post this data, because nobody will believe us in the future. Same about our words, regarding we wouldn’t post any data in the future, if we receive a ransom payments.”
The group, posting on a dark web blog linked to the REvil Russian ransomware group, had claimed they sought $US10m ($A15.1m) from Medibank to prevent the data leak.
Medibank chief executive David Koczkar warned he expected the group to “continue to release stolen customer data each day”.
“The relentless nature of this tactic being used by the criminal is designed to cause distress and harm,” he said in a statement on Friday morning.
“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.
“It’s obvious the criminal is enjoying the notoriety. Our single focus is the health and wellbeing and care of our customers.”
Medibank is in the process of contacting customers to provide support for mental health, identity protection, and financial hardship measures.
Cyber Security Minister Clare O’Neil on Friday said she had had a number of “direct conversations” with Medibank about its failure to protect confidential information.
The “best” from the AFP and the Australian Signals Directorate were coming for the person or group who released the data, she said.
“These people are the lowest of the low, and we need to stand up against them and really get into this fight against these cyber thugs and cyber criminals,” she said.
“They are horrendous, horrible people who are terrorising innocent victims and this cannot be allowed to happen in our country.”