Security News > 2024 > August > Optus and Medibank Data Breach Cases Allege Cyber Security Failures
![Optus and Medibank Data Breach Cases Allege Cyber Security Failures](/static/build/img/news/optus-and-medibank-data-breach-cases-allege-cyber-security-failures-medium.jpg)
Both telecommunications provider Optus and private health insurer Medibank suffered large-scale data breaches affecting tens of millions of Australians, leading to heightened regulatory and business focus on cyber security in the years since.
More Australia coverage Australia's privacy regulator alleges serious Medibank cyber security failures.
Medibank's failure to implement security controls like MFA for virtual private network access - as well as not acting on multiple alerts from its endpoint detection and response security system - paved the way for its data breach, the Australian Information Commissioner claimed.
The AIC alleges serious failures in Medibank cyber security.
In court filings for a case brought against Medibank by Australia's privacy regulator, the AIC alleges that a Medibank contractor's username and password credentials allowed criminals to hack into Medibank.
The AIC has alleged that Medibank's endpoint detection and response security system generated various alerts in relation to the threat actor's activity at different stages of the infiltration, but these alerts were not triaged and escalated by the cyber security team until Oct. 11.
News URL
https://www.techrepublic.com/article/optus-medibank-data-breaches-australia/
Related news
- Medibank breach: Security failures revealed (lack of MFA among them) (source)
- 23andMe data breach under investigation in UK and Canada (source)
- Cylance confirms data breach linked to 'third-party' platform (source)
- Pure Storage confirms data breach after Snowflake account hack (source)
- Cylance clarifies data breach details, except where the data came from (source)
- Life360 says hacker tried to extort them after Tile data breach (source)
- Student's flimsy bin bags blamed for latest NHS data breach (source)
- Panera warns of employee data breach after March ransomware attack (source)
- New York Times warns freelancers of GitHub repo data breach (source)
- Keytronic confirms data breach after ransomware gang leaks stolen files (source)