Security and Breaches

posted by Roy Schestowitz on Nov 08, 2022

• Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack

  Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident.

  The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not before the attackers exfiltrated the data.

  "This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers," Medibank noted.

• iTWire - Ransomware group threatens to post Medibank data on dark web

  The operator of a ransomware blog, which was formerly used by the REvil gang, claims that data from Australia's Medibank Group will be posted on the dark web in 24 hours.

  Exactly when the post was made is unknown, but it comes soon after the company, on Monday, made a big deal about announcing that it would not pay a ransom to the attacker(s) who had hit its systems. It was later updated to include a screenshot of ABC satirist Mark Humphries who recently published a video about Medibank's woes.

• Linux Database Security Tips | LinuxSecurity.com

  Data leaks are extremely prominent in the cyber world due to lack of proper or adequate security implementation. Securing databases is an essential practice to ensure that consequences such as data loss to even unauthorized access or system downtime is avoided.

• iTWire - Optus agrees to refund NSW users for licences, others are in limbo

  Telco Singtel Optus has agreed to reimburse the costs of a new driving licence for NSW residents who were hit by the telco's catastrophic data breach.

  In other mainland states, the respective departments of transport are still battling to try and get the telco to accept responsibility for the leaking of drivers' licence data and pay up.

  It may be recalled that when Optus was asked about reimbursement of these costs with specific reference to Victoria, the company indicated that it would pay only the administrative costs incurred in issuing new licences — and not the costs of the licences themselves.

  iTWire contacted the five transport departments of the mainland states last week and asked them about Optus stance on paying for these documents.