Russian crim at centre of Medibank hack

A Russian citizen has been slapped with sanctions as the government announced its next move in the Medibank cyber hack saga. Picture: NCA NewsWire / Christian Gilles

Australia has slapped sanctions on Russian citizen Aleksandr Ermakov for his alleged role in the Medibank data breach.

Almost 10 million Australians’ private data, including sensitive medical information, was breached when Medibank’s network was hacked in the 2022 incident.

Some records were published on the dark web.

Foreign Minister Penny Wong confirmed she had signed off on the use of Australia’s cyber-sanctions for the first time.

“It was an egregious violation. It impacted some of the most vulnerable members of the Australian community,” Senator Wong told reporters in Canberra on Tuesday.

Ermakov was slapped with a financial sanction and a travel ban.

Cyber-criminal Aleksandr Ermakov had been linked to the attack. Picture: DFAT
Cyber-criminal Aleksandr Ermakov had been linked to the attack. Picture: DFAT

The sanctions make it a criminal offence, punishable by up to 10 years’ imprisonment and heavy fines, to provide assets to Ermakov, or to use or deal with his assets – including through cryptocurrency wallets or ransomware payments.

Deputy Prime Minister Richard Marles said publicly naming Ermakov would have an “enormous impact on his activities”.

Home Affairs Minister Clare O’Neil said it would not be the last time the government named and shamed the “scumbags” involved in cyber attacks.

The hack affected close to 10m Australians. Picture: NCA NewsWire / Christian Gilles

“This is the first time an Australian government has identified a cyber-criminal and imposed cyber-sanctions of this kind and it won’t be the last,” she said.

“Today the Australian government is saying that when we put our minds to it, we’ll unveil who you are, and we’ll make sure you are accountable.”

More to come.