Cyber Attack Medibank Private: Medibank, Woolworths Hacked, Australia’s Worst Year IT Network, Shares Drop Medibank Private: Shares in Medibank Private Ltd ( MPL.AX ) fell nearly 5% on Monday, even as Australia’s health regulator reassured clients that normal business operations had resumed after an attempt to attack a ransom note on its network.
The company, which reiterated that there is no evidence that customer data has been deleted from the network, continues to show the worst day in 2.5 years. Medibank shares fell 4.8% to A$3,350, their lowest level since July 19.
It is the latest in a series of cyber attacks in recent weeks to hit Australian businesses, including a breach at second-tier telecoms provider Optus that compromised the data of up to 10 million customers and one at Woolworths ( WOW.AX) which revealed. data. of nearly 2.2 million jobs. read more read more
Medibank announced last Thursday that it will be shutting down and removing access to some customer-facing systems after discovering unusual activity on its network.
Australia’s private health insurer, Medibank Private, said an ongoing investigation had not turned up evidence that customer data had been accessed or deleted from its network following last week’s incident. which shows the characteristics of a ransomware attack. “We have the bailout threat but are vigilant,” Medibank Chief Executive Officer David Koczkar told analysts and investors in a conference call on Monday morning.
The health regulator said on Wednesday that credentials were compromised to access its systems, but its ongoing investigation “shows that there is no evidence that customer data was deleted from its IT environment, after discovering last week’s special event in its own part. IT network.
Koczkar later clarified that there was no indication that customer data had been accessed. “At this time, we have no evidence that customer data may have been accessed, but this is the subject of our ongoing investigation,” he said.
The company said that its system was not compromised by ransomware at the time of the incident and there is no indication that the incident was caused by a threat/state actor. “Medibank faces the threat of ransomware but is vigilant and will take the necessary steps in the future to protect its operations and customer data,” he said.
Medibank temporarily blocked access to its policy management system for ahm and international student customers while the incident was investigated, but normal business resumed on Friday. The company said that its investigation showed that its cybersecurity system had detected activity “based on the precursors of the ransomware”, but that the ransomware had not hidden its system.
There is no indication that the cause is “a state threat”, the agency said, adding that the investigation into the incident will continue. It said its business is in line with its guidance for the fiscal year 2023 and will not be affected by the event.
Mbak Medibank is awaiting reports on the cyber incident, and the health regulator has confirmed it will remain closed for business while it investigates the incident. “Normal business operations have resumed and necessary measures will continue to be taken to secure the IT environment, including customer data,” he said.
No customer data appears to have been obtained as part of the Medibank breach, the CEO confirmed. This is shaping up to be Australia’s most dangerous year for cyber attacks as almost every Australian identity has been involved in a number of high-profile breaches involving telecoms, health, and business.
Cybersecurity expert and founder of StickmanCyber Ajay Unni says that the key takeaway for businesses is that a clear, efficient, and responsible response to cyberattacks is the best way to protect the reputation and the organization’s future performance. “Discussion is the key to any incident, including cyber, where the public will come to a conclusion that leads to the spread of the wrong,” he said.
“Being proactive and taking action, even when it may disrupt business, while keeping customers and the public informed is a step in the right direction. Get daily industry news.
The latest news, financial information, and expert advice. Free registration.
So what is the first thing a business should do if it falls victim to a cyber attack? Easy, says Unni – report it immediately.
Companies, regardless of their size and scope, should at least notify the Australian Cyber front Any more can help with the analysis and correction. ”
Here are five companies that have been attacked in the past two months. Medibank
A private health insurer has become the latest organization to be targeted by a cyberattack after it discovered unusual network activity on Wednesday, knocking international and ahm policy systems – and their data – offline.
However, no customer data appears to have been obtained during the breach, Medibank CEO David Koczkar said in a statement, although he added that “our investigation is ongoing.” “As we continue to make strong decisions to protect our networks and systems, we will do everything necessary to protect the data of our customers, people, and other stakeholders,” said Koczkar.
“We will update everyone as we learn more in the coming days.”
Senior figures have been involved in the Australian Center for Cybersecurity, APRA, the Information Commissioner’s Office, the Private Health Insurance Ombudsman, the Department of Health, and the Department of the Interior to ensure that regulators and others from the attack. “We will also share technical information with industry peers as part of our commitment to helping others understand how this incident happened and to enable our industry peers to defend themselves,”
Medibank said in a statement.
In September, the media company suffered the worst cyber attack in Australia’s history when the details of 9.8 million people, including names, dates of birth, phone numbers, email addresses, and, for some, driving licenses were obtained. it is a passport number. Of those affected, about 17,000 Medicare ID numbers have now been exposed, while another 26,000 have had expired ID numbers, although the media company assured people that hackers could not access them. Their Medicare information has the same number.
After facing some criticism over its response to the attack, Optus announced that international professional services firm Deloitte will conduct an independent external review of the incident, as well as its security systems, controls, and procedures. Optus CEO Kelly Bayer Rosmarin said the telecommunications company, which is owned by Singapore-based parent company Singtel, was “deeply sorry” and acknowledged the “significant concern” of the breach.
“This analysis will help us understand how it happened and how we can prevent it from happening again,” he said. “This will help inform incident response for Optus. It can also help others in private and public areas where sensitive data is held and where the risk of a cyberattack is. “I am convinced that I will rebuild trust with our customers and this important process will contribute to those efforts.
Optus Vice President of Regulatory and Public Affairs Andrew Sheridan added that the company “welcomes” changes to data sharing regulations that will allow the company to share information with authorized financial institutions and government agencies to speed up the process. and attack. It comes as Dialog, Singtel’s Australian IT subsidiary, also suffered a cyberattack in September in which third parties accessed the data of 20 customers and 1,000 current and senior employees.
The personal data of 2.2 million customers was exposed at the weekend after the Woolworths-owned MyDeal site was taken down by compromised user credentials. The name, email address, phone number, and delivery address of customers, as well as the date of birth of people who need to verify their age when buying alcohol, although more than half (1.2 million) have only. one email address revealed.
MyDeal does not store payment information, driving license or passport details, and no passwords were exposed in the attack, according to the Woolworths team. Woolworths has held an 80% stake in the company since September after a bid worth more than $200 million, although the MyDeal system is not linked to Woolworths.
MyDeal CEO Sean Senvirtne has apologized to customers for the massive data breach and promised to review cyber security measures at online retailers. “We will continue to work with the relevant authorities as we investigate the incident and keep our customers fully informed of any further updates that may affect them,” he said.
Australia’s biggest phone operator has admitted that 30,000 current and former employees suffered a minor data breach after another group accessed employee records dating back to 2017. The hack resulted in only users’ names and email addresses being extracted and posted on a hacking forum called Breached, which was also used in the Optus hack.
“We believe it was now designed to profit from the Optus breach,” a spokesperson said. In a tweet, Telstra said the hack was not a breach of any of Telstra’s systems and no customer account information was involved, despite being named by 12,800 users.
“We first informed our employees and the authorities that although there is a small risk to our former employees, we will try to explain to them,” the tweet read.
Telstra urged anyone affected by the breach to “be alert for any unexpected communications” afterward. One Costa
The mushroom growing company was hit by a “vicious and sophisticated computer phishing attack” in August that could have exposed the personal and sensitive information of workers at an Australian Costa berry farm.
It may include passport details, bank details, bank account details, and tax file numbers of employees directly hired by the Costa Bays department since 2013 or supplied by recruitment agencies. -work since 2019. Costa said the attack – which appears to have taken place on a server in Costa Corindi NSW – and subsequent system backups reduced services and required the use of manuals on some sites and delayed some deliveries.
“Although only about 10% of the data on the file server was accessed, it is not known exactly what data was accessed before the hidden hacker uploaded them,” the statement continued. “This information is primarily collected to satisfy certain laws related to the employment of citizens and non-citizens and is maintained as a necessary record-keeping requirement.”
The breach of Medibank’s system comes as Optus continues to deal with the fallout from a cyberattack that compromised the personal data of millions of Australians last month.
The company said that the Australian Cyber Security Center (an Australian government agency) is cooperating and working with them to inform the national response agency and get information and information that helps to solve the matter. what happened? Medibank said the incident would not disrupt business and confirmed it was still moving ahead with the guidance given during its annual results in August.
Shares in Medibank, which have been flat since the incident went public last Thursday, fell 5% in early trading to hit a low of $3.35. They closed the session at $3.41.