Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Australia

Australia's Medibank Says Data of All 4 Million Customers Accessed By Hacker (reuters.com) 21

An anonymous reader quotes a report from Reuters: Australia's biggest health insurer, said on Wednesday a cyber hack had compromised the data of all of its of its nearly 4 million customers, as it warned of a $16 million to $22.3 million hit to first-half earnings. It said on Wednesday that all personal and significant amounts of health claims data of all its customers were compromised in the breach reported this month, a day after it warned the number of customers affected would grow.

Medibank, which covers one-sixth of Australians, said the estimated cost did not include further potential remediation or regulatory expenses. The company reiterated that its IT systems had not been encrypted by ransomware to date and that it would continue to monitor for any further suspicious activity. "Everywhere we have identified a breach, it is now closed," John Goodall, Medibank's top technology executive, told an analyst call on Wednesday.
"Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data," chief executive David Koczkar said in a statement. "I apologize unreservedly to our customers. This is a terrible crime -- this is a crime designed to cause maximum harm to the most vulnerable members of our community."
This discussion has been archived. No new comments can be posted.

Australia's Medibank Says Data of All 4 Million Customers Accessed By Hacker

Comments Filter:
  • by Anonymous Coward

    Sorry, medibank, the criminal is YOU!!!

    Criminal negligence is the problem, and that is all you. It's telling that the first thing on your mind after you let the goods be compromised, is your profit.

    • I know they're out of fashion, but it seems like you missed out on an excellent opportunity for a Russian Reversal.

  • This hacking thing and need for cyber security must be new. No wait, if its our responsibility to pay and provide our personal information for services, then its your job to protect it.
  • "Everywhere we have identified a breach, it is now closed," John Goodall, Medibank's top technology executive, told an analyst call on Wednesday.

    What about everywhere there might be a future breach, and why was the same question not asked every month. I do believe they consider themselves only beholden to their shareholders. This should be the end of their company in my opinion, they should manage a transition to a more worthy successor that doesn't re-employ any of the old C suite execs

    • ...This should be the end of their company in my opinion, they should manage a transition to a more worthy successor that doesn't re-employ any of the old C suite execs

      Why because the new C suite execs are educated and trained to act any differently?

      You're right that they are rather corruptly beholden to shareholders. And that didn't happen overnight, so don't assume you can come at that problem with an instant-mix solution.

    • The real issue is that being a CTO, CSO, CISO, VP of Tech, etc... doesn't mean jack shit in terms of qualification. I know several CTO's who are so stupid, unqualified and walk a line of blatant technical competence fraud, that they should be fired outright. The CTO should be one of the more technically qualified persons in the company, period, full stop! If your CTO is not a grey beard who talks in Unix short form, they probably shouldn't have that job, because it leads to basic concepts being overlooke
      • They seem to understand golden parachutes. The government should tax all golden parachute payouts at 100% if the exec lost their job because of a security breach and make a C-purge mandatory for all publicly traded companies if there is a moderate to severe security issue

      • The position that scares me is head of computer security (whichever acronym it goes under) ... worked for two of the largest financial institutions in North America, and in both cases the individual in that role, while not computer illiterate, had close to zero understanding of any aspect of computer security. They got to their roles through politicking. Mostly, there are a few individuals in that department who get things done correctly. Mostly. But with the push towards 3rd party products/services - a

  • The sad thing is how childish most of these australian hacks have been: simple APIs exposed to internet with full access to databases.
    • That's the result of government digitisation efforts in general. Pay peanuts, get monkeys. Little accountability, little liability.

      • by mjwx ( 966435 )

        That's the result of government digitisation efforts in general. Pay peanuts, get monkeys. Little accountability, little liability.

        Medibank Private was never a government department, hence it's called Medibank Private (shortened to Medibank). It was once a corporatized non-profit private health insurer (essentially a private corporation with one shareholder, the govt). Went for profit in 2009 and fully privatised in 2014. They've been listed on the Australian Securities Exchange since.

        Hence the hackers only managed to get data on 4 million Australians, not the 24 million serviced by Medicare Australia (the public health care payment

  • Medibank apologised to its customers for the cyber attack.

    "Sorry" doesn't cut it. What are the average damages to an average customer? Some won't care. Others could have their lives ruined, by having private medical information revealed.

    Whatever those damages are, needs to be paid out, funded by deductions from CxO salaries and bonuses. So that, maybe, they will invest in security in the future.

  • Security blunders dropped to near zero once laws were put in place that made C-Levels personally (that is, with their money) responsible for criminal neglect.

    It also meant that suddenly security budget went up by magnitudes. Must have been a total coincidence.

  • The basic netizen is browbeaten because they don't have a 128 completely random character password, changed daily. A little sarcasm, but still, they love to blame us.

    While institutions simply give millions of people's personal data every day. And no end in sight. Always a simple access route. Usually completely open to the world.

    So with low hanging fruit like that, who's going to compromise a single person's computer when they can get millions of people's entire data set with less effort? There is o

  • Australians in general don't give anywhere near as many shits as Americans or Brits when it comes to openly discussing medical issues.

    This hack is not good in any form, but I feel like Americans will dive straight to the "OMG they know what I said to my doctor" rather than the far more important personal information that could lead to identify theft.

  • while our computing is being leveraged for surveillance and data harvesting we'll never be secure.

    just wondering (hoping) if i'll be dead by the time it reaches peak idiocy, but seems to be accelerating.

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...