TLDR:
Key Points:
- Optus and Medibank experienced data breaches in 2022 due to cyber security failures.
- Optus had a coding error in an exposed API, while compromised credentials led to Medibank’s breach.
Article Summary:
Australia’s privacy regulator alleged that cyber security failures at Optus and Medibank resulted in data breaches in 2022, exposing sensitive customer data. The Optus breach was caused by a coding error in a dormant API, while compromised credentials on an admin account led to the Medibank breach. The cyber criminal exploited the coding error at Optus to access customer information, while at Medibank, a contractor’s credentials were stolen, giving access to critical systems. Medibank’s failure to implement security controls like MFA for VPN access allowed the breach to occur. Data exfiltrated during the breaches was later found on the dark web. Both companies are cooperating with investigations and working to enhance their cyber security measures.