In its half yearly report, Australian health insurer Medibank shared a brief outline of how Russian based attackers got access to personal details of all 9.7 million of its customers. The Medibank breach in 2022 is one of the largest in Australian history. Hackers gained access using a stolen username and password for a third party IT service provider. They entered Medibank’s network through a misconfigured firewall which did not require any additional authentication, such as a digital security certificate. From there, the attackers were able to obtain further username and passwords for a number of other Medibank systems. The ACS, Australian Computer Society, has slammed Medibank as having made a rookie mistake that led to the largest data breach in Australian history.
https://ia.acs.org.au/content/ia/article/2023/medibank-finally-reveals–rookie-mistake–in-breach.html
This segment was created for the It’s 5:05 podcast