Category: Cyber Security

Medibank confirms names, addresses, birthdays posted to dark web by hackers after ransom deadline passes

Medibank confirms names, addresses, birthdays posted to dark web by hackers after ransom deadline passes

Medibank has confirmed that cyber criminals have released customers’ personal data on a dark web forum following a data breach earlier this month.

The information posted included names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for customers of Medibank budget brand ahm (but not expiry dates), in some cases passport numbers for international student customers (but not expiry dates), and some health claims data.

The client data was released after a deadline passed for Medibank to pay a ransom.

AFP Cyber Command Assistant Commissioner Justine Gough said customers that are contacted by phone or by SMS with threats to release their data should not be embarrassed to contact police through ReportCyber.

“Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years’ imprisonment.” She said in a statement.

Customers have also been advised not to assume that anyone who contacts them actually has access to their data, or that paying a ransom will protect their data privacy in any way.

9.7 million current and former Medibank customers have been affected by the breach.

Would you know how to identify a phishing scam via phone, post or email? Do you know where are your data lives and what protects access to it? Do you know the security score of your key service providers?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact



    Hackers target Defence social media platform

    Hackers target Defence social media platform

    ForceNet, a defence e-Communications platform has been the latest target in a new cyber attack.

    The platform, run by external ICT provider Dialog Information Technology, said there is no cause for major concern as no data of current or former staff had been put at risk.

    The Chief of the Defence Force, General Angus Campbell and DoD Secretary Greg Moriarty have also said there is no evidence to suggest that any data had been compromised.

    The Department of Defence (DoD) said they are taking the matter very seriously and are working with provider to determine the extent of the attack.

    ForceNet have said they held between 30,000 and 40,000 records but there is no evidence that the data of current and former APS staff and ADF personnel has been compromised.

    IDCARE, the national identity and cyber support service for Australia and New Zealand, has been engaged by the DoD to help those affected by the attack.

    Would you know what to do if one of your social media platforms had been compromised? Do you know the security score of the platforms you are using? Do you know where are your data lives and what protects access to it?

    Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

    Contact us below to speak with our cyber security experts and start the journey to protect your company today.

    Contact



      Harcourts Melbourne City real estate agency advises customers of data breach

      Harcourts Melbourne City real estate agency advises customers of data breach

      Harcourts real estate have suffered a data breach, potentially exposing customers’ names, addresses and bank details.

      According to an email sent to customers of Harcourts Melbourne City, the company’s rental property data base had been accessed on October 14.

      Harcourts maintain they only became aware of the attack on October 24.

      The real estate company is blaming its service provider Stafflink for the incident, who have denied the allegations and said Harcourts’ poor security protocols are responsible for the breach.

      Harcourts said information such as names, addresses, copies of signatures, photo identification and bank details may have been visible to hackers though at this point it is not known how many people may have been impacted by the breach.

      Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what do to do if you had a cyber security incident? 

      With over 20,000 new vulnerabilities released in a year, it can be difficult to keep track of all the new vulnerabilities that are discovered every day, and sometimes it feels like we’re fighting a losing battle.

      Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

      Request a free Essential 8 assessment to start your journey on protecting your company, employees and customers below.

      Contact



        No cyber insurance as Medibank breach hits four million customers

        No cyber insurance as Medibank breach hits four million customers

        Medibank has confirmed their lack of cyber insurance will cost the company between $25 and $35 million, following a recent breach.

        The health insurer announced on 26 October that cyber criminals gained access to personal data from all 3.9 million of Medibanks customers.

        Cyber thieves now have access to sensitive information such as health-claims data, ahm and international students’ units as well as personal data.

        Customers should expect to be contacted directly by Medibank to be notified what specific data has been taken from them.

        The Australian Federal Police (AFP), Australian Cyber Security Centre (ACSC) and third-party IT experts are now working with Medibank to investigate the breach. 

        Do you have a clear direction on your cyber security position and strategy? Contact us below to speak with our cyber security experts and start the journey to protect your company today.

        Contact



          Government proposes $50m data breach fines

          Government proposes $50m data breach fines

          The Australian government will introduce new legislation to increase data breach penalties, with fines of up to $50m being proposed.

          Attorney-general Mark Dreyfus announced on 22 October that the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, is set to significantly increase fines in the event of serious or repeated privacy breaches.

          Australian organisations could now face drastic fines for any future cyber security incidents that involve a breach of customer data.

          This significant shift in Australian privacy legislation comes after multiple Australian companies were targeted in landmark data breaches, including Optus, MediBank, MyDeal and VinoMofo.

          The current level of penalty for such incidents’ came under heavy criticism from multiple government figures with fines being capped at only $2.2 million.

          As these penalties dramatically increase, organisations should be incentivised to invest in proper safeguards and cybersecurity, to avoid hefty fines and to keep their customers information secure.

          Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what do to do if you had a cyber security incident? 

          With over 20,000 new vulnerabilities released in a year, it can be difficult to keep track of all the new vulnerabilities that are discovered every day, and sometimes it feels like we’re fighting a losing battle.

          Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

          Request a free Essential 8 assessment to start your journey on protecting your company, employees and customers below. 

          Contact



            Vinomofo data breach: 500,000 customers at risk after wine dealer hit by cyber-attack

            Customers of Australian company Vinomofo are the latest victims of personal information exposure after the wine dealer suffered a major cyber-attack.

            Personal information including names, dates of birth, addresses, email addresses, phone numbers and genders of customers are at risk of exposure.

            It is not yet clear if all of Vinomofo’s 500,000 customers were exposed but all have been warned to remain on high alert of scam activity after the hack.

            Vinomofo said the risk to its members was “low” because other sensitive information such as passports, credit card details and driver’s licences were not held by Vinomofo.

            The incident occurred after an unauthorised third party unlawfully accessed the database from a testing platform that is not linked to Vinomofo’s live website.

            This latest breach follows a chain of attacks on telecommunications company Optus, health insurer Medibank, and more recently online retail store MyDeal.

            All Australian organisations should take these incidents’ as a stark reminder of the importance of a strong cybersecurity position and strategy.

            Contact