Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Melbourne. Show all posts

Cyber-Attackers Claim to Have Accessed Customer Data at Medibank Australia

 


According to Medibank, which covers one in six Australians, an unidentified person notified the company that some 200 gigabytes of data had been stolen. This included medical diagnoses and medical treatments, as part of a theft that began a week earlier when the company disclosed a theft of 200 gigabytes of data.

As far as the number of its 4 million customers who may have been affected, the company did not provide information. However, it warned that the number is likely to rise as the issue unfolds. It was announced by the Australian Federal Police that they had opened an investigation into the breach, but that they had no further comments to make.

An Australian newspaper report has warned that the data of at least 10 million customers may have been stolen. This adds a heightened layer of intrigue to a wave of cyberattacks on the country's largest companies since No. 2 Telco Optus, owned by Singapore Telecommunications Ltd, revealed a month ago that the data of ten million customers may have been stolen. 

The majority of public commentary has so far focused on the possibility that hackers could gain access to bank accounts if they steal data or used identity theft to gain access to personal information. An article in the Sydney Morning Herald stated that it received a message from a person claiming to be the Medibank hacker threatening to publish medical records for high-profile individuals without receiving any payment until the hacker has been paid for his or her work.

Currently, the Melbourne-based security company is working with several cyber-security firms and has also contacted the Australian Cyber Security Centre (ACSC), which is the government's lead agency for cyber security.

"This is a situation where we have very sensitive information regarding healthcare and that information, if made public by itself, could cause severe harm to Australians, and that is why we at the Australian Broadcasting Corporation are so actively involved with this," said Cybersecurity Minister Clare O'Neill in an exclusive interview with the ABC.

As cyber security experts pointed out, it was unclear whether the three disclosures on data breaches were related to a single incident. This is because these attacks were diverse. However, the perceived publicity generated by the Optus attack may have drawn public attention to the hacker networks created by this company.

"When there is the highly visible breach, such as what happened to Optus in Australia, then hackers take notice of it and think they are planning to try to see what I can get away with down there," said the executive editor Jeremy Kirk for Information Security Media Group, one of the leading cybersecurity specialist magazines out there.

Interestingly, more than 2.2 million shoppers get their bargains on a bargain website that is used by Optus rival Telstra Corp Ltd. which on Tuesday disclosed an issue with employee data breaches, while Woolworths Group Ltd on Thursday said an unidentified party gained unauthorized access to the customer database of that site.

It has been well documented that high-profile data breaches demonstrate how crucial it is to use multi-factor authentication at every level of a company's network - i.e. when the person uses an authentication code sent to a separate device to log in - to prevent data breaches, according to Sanjay Jha, chief scientist at the University of New South Wales Institute for Cybersecurity.

Jha told Reuters over the phone that, although they have implemented such controls for end users, they should have even tougher controls for internal servers, since server security is a major concern.

"Continuous authentication is necessary for people not to log in and leave after logging in and leave forever, allowing attackers to access your computer and compromise it." Jha continued.

Founder and chief intelligence officer of F5, Dan Woods, a former FBI cyberterrorism investigator, commented that Australia had "undoubtedly endured its most difficult few weeks from a cybercrime perspective, but on the positive side, it's been a wake-up call for the country, one that it may have needed."