Australia experienced its largest data breach to date at the conclusion of 2022, impacting 9.7 million Medibank customers. The breach resulted in the illicit access of highly sensitive personal information through a ransomware attack perpetrated by cybercriminals.
During the incident, Medibank took a firm stance by declining to comply with the hackers’ ransom demand, amounting to approximately 10 million US dollars.
The Australian government has implicated the REvil cybercriminal group in the attack, alleging that Russian national Aleksandr Ermakov played a key role in the Medibank breach.
How did the hack happen?
The Medibank breach commenced with the illicit acquisition of credentials owned by an individual with privileged access to Medibank’s internal systems. These credentials were subsequently sold and acquired on the dark web by an unverified purchaser, who then utilised them to gain entry to Medibank’s internal network.
Once inside, the threat actor identified the location of the customer database and then used the stolen privileged credentials to write a script to automate the customer data exfiltration process.
The impact of this breach has been alarming for both consumers and the Office of the Australian Information Commissioner (OAIC).
What information was hacked?
9.7 million Medibank customers were impacted by the breach. Compromised records include:
- Names
- Birth dates
- Passport numbers
- Information on Medicare claims
Impact of the hack:
The consequences of this breach, alongside the Optus incident, involve the potential for identity theft among the victims of these data breaches. This could lead to the need for replacement identity documents, such as passports or driver’s licenses, and may even result in class-action lawsuits, as seen with Medibank customers, both past and present.
Nevertheless, the full extent of the financial and medical impact of the data breach may not become apparent for several years, while Medibank is facing significant fines due to the legal ramifications of the breach. The Australian Federal Court is tasked with determining whether fines will be imposed on Medibank. Each violation carries a maximum penalty of $2.22 million, and the commissioner has alleged a contravention for each of the 9.7 million customers, potentially amounting to fines exceeding $21 trillion. The decision on any imposed fines rests with the Federal Court.
The Aftermath of the Hack:
There have been numerous investigations into recent events as well as measures to prevent future cybercrimes. A recent court ruling by the OAIC revealed that Medibank lacked multi-factor authentication (MFA). MFA is a multi-step login process that requires users to provide more than just a password. For instance, users may need to input a code sent to their email, respond to a secret question, or utilize a fingerprint scan, in addition to their password.
This additional layer of protection is crucial in safeguarding sensitive and personal data against potential breaches.
Subsequently, Medibank has implemented additional cybersecurity measures to ensure the protection of their customers, including MFA, 24-hour monitoring, and collaboration with cybersecurity professionals.