<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=306561&amp;fmt=gif">
Skip to content

Australia Hits Russian Medibank Hacker with Sanctions

The Australian Government says it has issued sanctions on a Russian individual for his role in 2022’s Medibank Private data breach.

In a joint announcement made by Deputy Prime Minister Richard Marles, Foreign Affairs Minister Penny Wong, and Home Affairs Minister Clare O'Neil on Tuesday, it was revealed that the Australian Signals Directorate and the Australian Federal Police in league with other Commonwealth agencies and international partners, were able to link Russian citizen and cybercriminal Aleksandr Ermakov to the breach.

The actions imposed on Ermakov include a targeted financial sanction and a travel ban. 

“This sanction makes it a criminal offence, punishable by up to 10 years' imprisonment and heavy fines, to provide assets to Aleksandr Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments,” the announcement read.

Minister Wong said the use of these powers sent a clear message. 

“There are costs and consequences for targeting Australia and Australians,” the Minister wrote in a statement. 

“The Albanese Government will continue to hold cybercriminals to account. This is an incredible effort from our cyber and intelligence teams. We are using all elements of our national power to make Australia more secure at home and to keep Australians safe.”

Home Affairs Minister Clare O’Neil also took to LinkedIn to highlight an important cybersecurity milestone for Australia.

“This is the first time an Australia Government has identified a cybercriminal and imposed cyber sanctions of this kind, and it will not be the last,” she wrote.

“Medibank in my view was the single most devastating cyber-attack we have seen as nation. The cowards and scumbags behind this attack stole the records of millions of Australians, including names, dates of birth, Medicare numbers, and sensitive medical information and cruelly published these details on the dark web for others to see.

“These sanctions would not be possible without the smartest and most talented cyber operatives in the Australian Government working round the clock investigating and protecting us from cyber-attacks.”

The Medibank Private breach resulted in the leak of 9.7 million customer records, including names, birthdates, Medicare numbers and medical information.

In its 2023 annual report, Medibank stated that it expected to spend between $30 and $35 million on further IT security uplift in 2024. This will be in addition to a reported $46.4 million in non-recurring costs associated with the cybercrime, related to incident response and customer support.