Cybersecurity experts have confirmed that the highly sensitive data of 12.9 million Australians, stolen from eScripts provider MediSecure, has been sold on the dark web and is currently up for resale. The 6.5 terabyte trove includes names, phone numbers, addresses, Medicare numbers, and sensitive medical information, such as prescribed drugs and their reasons. MediSecure, which suffered a ransomware attack in 2023, revealed the breach’s extent last week, making it one of Australia’s largest. Initially listed for $50,000, the data was recently marked as sold and is now offered again for $25,000, likely in US dollars. Experts, including Jamie O’Reilly of Dvuln, believe the data’s sale is highly probable, emphasizing that buyers aim to exploit the information further. The dark web’s secretive nature makes verifying sales difficult, but specialists agree that the data has been monetized. The breach heightens risks for Australians, as cybercriminals can use the stolen data to piece together personal information from multiple sources. Privacy Commissioner Carly Kind warns of a “mosaic approach” by bad actors, while previous breaches at Optus, Medibank, and Latitude have already compromised millions. The National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, advises against accessing stolen information, citing legal and ethical concerns. Commissioner Kind emphasizes the importance of companies safeguarding data and avoiding unnecessary data collection to protect individuals. Despite the media focus on ransomware attacks, many breaches remain unreported, and organizations must proactively secure their data to prevent exploitation.