Medibank hit by second class-action lawsuit for cyber breach

Chp March 29, 2023
Medibank hit by second class-action lawsuit for cyber breach

This is the second class-action lawsuit filed against Australia’s largest health insurer in relation to the cyber event last October 11, 2022. During the incident, a security alert for unusual activity spotted on Medibank’s network eventually led to the discovery that an unnamed hacker group had gained access to the data of 9.7 million current and former Medibank customers – including 500,000 health claims – and released the data on the dark web.

In a recent cybercrime update, Medibank outlined what happened as follows:


The hacker accessed Medibank systems using stolen Medibank credentials being used by a third-party IT service provider.
The hacker accessed Medibank’s network through a misconfigured firewall which did not require an additional digital security certificate.
The hacker was able to obtain more usernames and passwords to gain access to Medibank’s systems.
Medibank shut down the criminal’s attack path and could detect no further activity from the hacker since October 12.

Medibank also provided affected Medibank and ahm customers with a tailored support package which included round-the-clock mental health support and access to specialist identity protection advice.

Today we will announce a comprehensive customer support package, which will include: 24/7 mental health and wellbeing support, support for customers who are in uniquely vulnerable positions and access to specialist identity protection advice with IDCARE for all customers


— Medibank (@medibank) October 24, 2022

The AFP criminal investigation into the cybercrime is still ongoing.

Medibank told Reuters it intends to defend itself against the second class-action lawsuit filed against it.

Just last month, the law firm Baker & McKenzie slapped Medibank with its first class-action suit regarding the October 2022 cyber event. Baker & McKenzie alleged a breach of contract, violation of Australian consumer law, and breach of equitable obligations of confidence.

See also  Chief executive hails Suncorp NZ's performance amid "disruptive" year

Medibank is one of many Australian companies attacked by cyber hackers and ransomware since September last year, Reuters reported. Digital payments firm Latitude Group and intellectual services provider IPH both reported data breaches earlier this month, making them some of the latest additions to the growing list of Aussie targets.

Any thoughts on the story? Let us know in the comments below.

 

Related posts:

  1. Aviva publishes Health & Wellbeing Risk Management Guide
  2. BodyGuide, E5 Workflow win DXC Invitational
  3. Florida reinsurance rules of engagement redefined by reforms: Demotech
  4. Berkshire Hathaway gets $1.42bn Q4 premium, $14bn float with Alleghany
Tags: , ,

More Stories

hurricane-beryl-satellite-image2

Current forecasts suggest limited reinsurance loss from Beryl landfall in Texas: BMS’ Siffert

Chp July 6, 2024
Insurance conglomerate strikes deal for EV chargers

Insurance conglomerate strikes deal for EV chargers

Chp July 5, 2024
New research reveals shift in attitudes and priorities among employees

New research reveals shift in attitudes and priorities among employees

Chp July 5, 2024

You may have missed

Marcel Pitcher Joins DKI Canada as Vice-President of Membership Services

Marcel Pitcher Joins DKI Canada as Vice-President of Membership Services

Chp July 6, 2024
Junkyard Gem: 1985 Jaguar XJ-S

Junkyard Gem: 1985 Jaguar XJ-S

Chp July 6, 2024
Southwest Flight Couldn't Wait 2 Minutes And Took Off From Closed Runway

Southwest Flight Couldn't Wait 2 Minutes And Took Off From Closed Runway

Chp July 6, 2024
33 Cheap Stocks to Buy in Q3: Morningstar

33 Cheap Stocks to Buy in Q3: Morningstar

Chp July 6, 2024
hurricane-beryl-satellite-image2

Current forecasts suggest limited reinsurance loss from Beryl landfall in Texas: BMS’ Siffert

Chp July 6, 2024