Australians’ personal and prescription data has been found for sale online.

A significant data breach involving the Australian e-script provider MediSecure has resulted in the alleged sale of personal and prescription information on a popular Russian-language hacking forum. 

Earlier this month, MediSecure, which ceased operating as a nationwide prescription delivery service in late 2023, disclosed a substantial breach involving private data and prescription-related details. 

An individual using the handle ‘Ansgar’ has since claimed possession of 6.5 terabytes of Australians' data. 

“For Sale: Database of an Australian medical prescriptions company MedSecure [sic],” Ansgar reportedly posted, asking for $50,000 and promising to sell to only one buyer.

The claimed stolen database is said to contain personal information including phone numbers, addresses, email addresses, full names, insurance numbers, and sensitive prescription details. 

Ansgar has provided screenshots showing prescription details and Australian pharmacy information as proof. 

The data also purportedly includes MediSecure website usernames and passwords and “IP addresses of visitors to the site and etc.”

This alleged 6.5 terabyte dataset is significantly larger than the 2022 Medibank data breach, which involved only 0.2 terabytes. 

The dataset reportedly contains 50 million rows of data, though the number of affected Australians remains unknown.

The National Cyber Security Coordinator (NCSC) has acknowledged this “unwelcome development” on LinkedIn, urging Australians not to seek out the data and assuring those affected that the government will collaborate with MediSecure to ensure “individuals are appropriately informed.” 

“We are aware a dataset purporting to be from the MediSecure breach has been advertised for sale on a dark web marketplace, along with a sample of the data. Australians should not go looking for this data. Accessing stolen sensitive or personal information on the dark web only feeds the business model of cyber criminals,” the NCSC stated. 

Unlike recent data breaches at Medibank, DP World, and Aussizz Group, which are attributed to prominent ransom gangs with sophisticated infrastructure, it had been suggested that the MediSecure breach might have been carried out by a smaller threat actor without significant backing. 

This conclusion is based on the timing of Ansgar’s forum account creation and the appearance of the leak on a hacking forum rather than a dedicated ransom gang's site.

MediSecure has assured the public that the cyber attack does not affect the ability to access medications, with both paper and electronic prescriptions continuing to operate as normal.