The Australian Federal Police have claimed the hackers behind Medibank’s data breach are located in Russia.

The culprits are responsible for millions of customers’ data being exposed on the dark web.

The commissioner of the Australian Federal Police Reece Kershaw announced at a media conference that authorities had flagged a group of “loosely affiliated” cyber criminals as being responsible for the breach.

He said the agency believes it knows the identities of those behind the breach but would not name them, with some affiliates suspected to be in other countries.

The AFP said they will be speaking with Russian law enforcement about the individuals and the incident.

Kershaw directed a warning to the criminals, “We know who you are, and moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system,” he said.

The federal government is looking to introduce new legislation to increase fines for companies that suffer serious or repeated privacy breaches.

The updated law would see the maximum fine for data breaches rise from $2.2 million to $50 million.

Would you know what to do if your personal information was leaked in a data breach? Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact

Medibank confirms names, addresses, birthdays posted to dark web by hackers after ransom deadline passes

Medibank has confirmed that cyber criminals have released customers’ personal data on a dark web forum following a data breach earlier this month.

The information posted included names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for customers of Medibank budget brand ahm (but not expiry dates), in some cases passport numbers for international student customers (but not expiry dates), and some health claims data.

The client data was released after a deadline passed for Medibank to pay a ransom.

AFP Cyber Command Assistant Commissioner Justine Gough said customers that are contacted by phone or by SMS with threats to release their data should not be embarrassed to contact police through ReportCyber.

“Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years’ imprisonment.” She said in a statement.

Customers have also been advised not to assume that anyone who contacts them actually has access to their data, or that paying a ransom will protect their data privacy in any way.

9.7 million current and former Medibank customers have been affected by the breach.

Would you know how to identify a phishing scam via phone, post or email? Do you know where are your data lives and what protects access to it? Do you know the security score of your key service providers?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact

Hackers target Defence social media platform

ForceNet, a defence e-Communications platform has been the latest target in a new cyber attack.

The platform, run by external ICT provider Dialog Information Technology, said there is no cause for major concern as no data of current or former staff had been put at risk.

The Chief of the Defence Force, General Angus Campbell and DoD Secretary Greg Moriarty have also said there is no evidence to suggest that any data had been compromised.

The Department of Defence (DoD) said they are taking the matter very seriously and are working with provider to determine the extent of the attack.

ForceNet have said they held between 30,000 and 40,000 records but there is no evidence that the data of current and former APS staff and ADF personnel has been compromised.

IDCARE, the national identity and cyber support service for Australia and New Zealand, has been engaged by the DoD to help those affected by the attack.

Would you know what to do if one of your social media platforms had been compromised? Do you know the security score of the platforms you are using? Do you know where are your data lives and what protects access to it?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact

Harcourts Melbourne City real estate agency advises customers of data breach

Harcourts real estate have suffered a data breach, potentially exposing customers’ names, addresses and bank details.

According to an email sent to customers of Harcourts Melbourne City, the company’s rental property data base had been accessed on October 14.

Harcourts maintain they only became aware of the attack on October 24.

The real estate company is blaming its service provider Stafflink for the incident, who have denied the allegations and said Harcourts’ poor security protocols are responsible for the breach.

Harcourts said information such as names, addresses, copies of signatures, photo identification and bank details may have been visible to hackers though at this point it is not known how many people may have been impacted by the breach.

Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what do to do if you had a cyber security incident? 

With over 20,000 new vulnerabilities released in a year, it can be difficult to keep track of all the new vulnerabilities that are discovered every day, and sometimes it feels like we’re fighting a losing battle.

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Request a free Essential 8 assessment to start your journey on protecting your company, employees and customers below.

Contact

No cyber insurance as Medibank breach hits four million customers

Medibank has confirmed their lack of cyber insurance will cost the company between $25 and $35 million, following a recent breach.

The health insurer announced on 26 October that cyber criminals gained access to personal data from all 3.9 million of Medibanks customers.

Cyber thieves now have access to sensitive information such as health-claims data, ahm and international students’ units as well as personal data.

Customers should expect to be contacted directly by Medibank to be notified what specific data has been taken from them.

The Australian Federal Police (AFP), Australian Cyber Security Centre (ACSC) and third-party IT experts are now working with Medibank to investigate the breach. 

Do you have a clear direction on your cyber security position and strategy? Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact

Government proposes $50m data breach fines

The Australian government will introduce new legislation to increase data breach penalties, with fines of up to $50m being proposed.

Attorney-general Mark Dreyfus announced on 22 October that the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, is set to significantly increase fines in the event of serious or repeated privacy breaches.

Australian organisations could now face drastic fines for any future cyber security incidents that involve a breach of customer data.

This significant shift in Australian privacy legislation comes after multiple Australian companies were targeted in landmark data breaches, including Optus, MediBank, MyDeal and VinoMofo.

The current level of penalty for such incidents’ came under heavy criticism from multiple government figures with fines being capped at only $2.2 million.

As these penalties dramatically increase, organisations should be incentivised to invest in proper safeguards and cybersecurity, to avoid hefty fines and to keep their customers information secure.

Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what do to do if you had a cyber security incident? 

With over 20,000 new vulnerabilities released in a year, it can be difficult to keep track of all the new vulnerabilities that are discovered every day, and sometimes it feels like we’re fighting a losing battle.

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Request a free Essential 8 assessment to start your journey on protecting your company, employees and customers below. 

Contact