Sensitive personal information of nine million Medibank customers stolen by hackers


The Medibank hack follows a major data breach at Optus

Medibank shares have plunged after purported cybercriminals threatened to publish the personal data and health information of over 9 million Australians.


The private health fund has ruled out making any ransom payment to recover the data - with the Australian Federal Police leading a criminal investigation.

This stand-off between Medibank and a group of anonymous hackers - their whereabouts unknown - has gone on for almost three weeks, with the data of millions held hostage.

Yesterday Medibank dug in, saying it would not pay a ransom.

And it's provoked this threat.

A group linked to cybercriminals posted on the dark web that “Data will be publish in 24 hours.”

The post continued: “P.S. I recommend selling Medibank stocks.”

On Tuesday morning Medibank shares plunged two and a half per cent.

In a statement the company acknowledged the threat - but did not confirm its credibility.

Its CEO said it's "a distressing development for customers."

But he's standing firm against any ransom payment.

Cybersecurity expert Nigel Phair from UNSW says that's seen as the responsible approach to discourage this behaviour.

"They're definitely doing the right thing by not paying it. The best way to get rid of this insidious cyber-criminal activity is really to stop paying, that will break the back of this activity."

Many customers are now joining a class action mounted by two law firms - Bannister Law and Centennial Lawyers.

George Newhouse is from Centennial Lawyers - and says the public is angry.

"We've been swamped with inquiries this morning. In fact, we've had to shut down our switchboard because we've had so many calls."

He's fighting for a multi-billion-dollar settlement - which could be up to half the company's worth.

"We need a real remedy for individuals. And I don't want to hear corporates saying that they're the victims. It's the nine million customers of Medibank who are the victims and Medibank had a duty to do their utmost to ensure that data was not accessed and let's get to the bottom of how that happened."

At a Senate estimates hearing, Australian Federal Police Commissioner Reece Kershaw confirmed the organisation has received assistance from America’s FBI to investigate the attack.

"These individuals and/or syndicates as you know operate globally and we're not just talking to the bureau, there are other police forces in the Five Eyes group."

He said Medibank has been co-operative with authorities. But several Australian businesses in the past have failed to report similar incidents and have given in to ransomware demands.

"We're aware of Australian companies who have been breached who've made payments through US law firms that have not reported as a crime."

There are some things customers can do to mitigate the risks, as ASIC Deputy Chair Sarah Court explains.

"There are a range of things, firstly notify your bank and your financial institution. Including your superannuation fund because we are seeing superannuation scams on the increase as well, monitor your bank accounts really closely to monitor for any unusual activity. Change your passwords."

For many Medibank customers - a nervous wait remains to see what happens next with their data.

