Optus and Medibank data breaches reveal cybersecurity failures

August 4, 2024
1 min read

TLDR:

Key Points:

  • Optus and Medibank experienced data breaches in 2022 due to cyber security failures.
  • Optus had a coding error in an exposed API, while compromised credentials led to Medibank’s breach.

Article Summary:

Australia’s privacy regulator alleged that cyber security failures at Optus and Medibank resulted in data breaches in 2022, exposing sensitive customer data. The Optus breach was caused by a coding error in a dormant API, while compromised credentials on an admin account led to the Medibank breach. The cyber criminal exploited the coding error at Optus to access customer information, while at Medibank, a contractor’s credentials were stolen, giving access to critical systems. Medibank’s failure to implement security controls like MFA for VPN access allowed the breach to occur. Data exfiltrated during the breaches was later found on the dark web. Both companies are cooperating with investigations and working to enhance their cyber security measures.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and