Data dumping (General)
Didn't hear anything about Optus not paying - which means they did - but Medibank Private has taken a different path. They're publicly refusing to negotiate with criminals - a riff on the old refusing to negotiate with terrorists.
David Koczkar, CEO: We believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published.
In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm's way by making Australia a bigger target.
It is for these reasons we have decided we will not pay a ransom for this event.
Great - we didn't keep you safe - but don't worry, now we're keeping more people out of harm's way!
Endorsed by Albo, no less: The company has followed the guidelines effectively. The advice is to not engage in a ransom payment.
At first i thought, whoa, we know the hackers are not bluffing, they've released data examples, even Medibank finally admitted as much - you gotta pay - what's your other move? Abandon all your customers personal data to be sold on the dark-web to be used in scams/hacks against them for the rest of their lives? You couldn't do that, surely? What about the elderly? They'll be eaten alive by scammers.
But if i'm the Medibank CEO, its a smart move. What do i care about our customers private data - we already had it collected for free - still got the master copy - why on earth would i pay good money for it? Let's get it all out there and be done with it.
It sets a handy discourse marker for corporations looking to wash their hands of responsibility. The same ones that have been greedily data scraping us - can now say:
Whoops ... ohr, sorry, but you know, the New Normal - who knew we needed to take cyber-security seriously?
But now is not the time to dwell on past mistakes - we'll learn from that and become better leaders going forward - now is the time we all need to unite to fight the criminals!