Russian crim at centre of Medibank hack

A Russian citizen has been slapped with sanctions as the government announced its next move in the Medibank cyber hack saga. Picture: NCA NewsWire / Christian Gilles

Australia has slapped sanctions on Russian citizen Aleksandr Ermakov for his alleged role in the Medibank data breach.

Millions of Australians’ private data, including sensitive medical information, was breached when Medibank’s network was hacked in the 2022 incident.

Foreign Minister Penny Wong confirmed she had signed off on the use of Australia’s cyber-sanctions for the first time as she linked Ermakov to the attack.

“It was an egregious violation. It impacted some of the most vulnerable members of the Australian community,” Senator Wong told reporters in Canberra on Tuesday.

Ermakov was slapped with a financial sanction and a travel ban.

The sanctions make it a criminal offence, punishable by up to 10 years’ imprisonment and heavy fines, to provide assets to Ermakov, or to use or deal with his assets – including through cryptocurrency wallets or ransomware payments.

Cyber-criminal Aleksandr Ermakov had been linked to the attack. Picture: DFAT

Deputy Prime Minister Richard Marles said publicly naming Ermakov would have an “enormous impact on his activities”.

Home Affairs Minister Clare O’Neil said it would not be the last time the government named and shamed the “scumbags” involved in cyber attacks.

“This is the first time an Australian government has identified a cyber-criminal and imposed cyber-sanctions of this kind and it won’t be the last,” she said.

“Today the Australian government is saying that when we put our minds to it, we’ll unveil who you are, and we’ll make sure you are accountable.”

The breach saw the private information of 9.7m former and current Medibank customers stolen, including names, dates of birth, Medicare numbers and sensitive medical information.

Many of the records were published on the dark web.

The hack affected close to 10m Australians. Picture: NCA NewsWire / Christian Gilles

The government lauded the work of the Australian Signals Directorate and the Australian Federal Police, under Operation Aquila, in unmasking Ermakov.

Mr Marles revealed the United States, the United Kingdom and companies such as Microsoft were involved in the investigation.

He also praised Medibank for being “incredibly open” with their engagement with the ASD.

“This has been fundamentally important in allowing ASD to do its work,” he said.

“It’s a really good example of how companies being willing to share this really sensitive information with ASD allows the investigations to occur in a way that’s ended up with the result that we have today.

“That’s a great outcome for the country, obviously, but it’s a really good outcome for Medibank.”

A spokesperson for Medibank thanked the agencies involved and said work continued “on uplifting and embedding the technology, processes and security culture” within the private health insurer.

“We know we can still do more as we continue to apply the lessons we have learnt,” they said.