Medibank’s employee data leaked in MOVEit attacks


Medibank, Australia’s largest private health insurer, said that details of the company’s employees were exposed after its property manager fell victim to an attack exploiting the MOVEit flaw.

According to Medibank, one of its property managers, which uses the file transfer software MOVEit, was compromised. A file containing the insurer’s employee names, email addresses, and phone numbers was stolen, Reuters reported.

Medibank said that its systems “have not been impacted by the MOVEit cyberattack,” adding that the exposed file did not have employee bank details, payroll, or home addresses.

“We continue to investigate and work closely with the vendor, and at this stage we are not aware of any of our customers’ data being compromised,” Medibank said.

Cyberattacks plaguing Australia

The staff detail leak comes at a sensitive time for Medibank, as the company is still sifting through the fallout from a previous attack in October 2022. In that incident, hackers stole the sensitive data of around 9.7 million current and former customers.

Medibank is currently facing three class action lawsuits in relation to the breach, and is also under investigation by the country’s privacy regulator regarding its handling of personal information.

Over the past ten months, Australia has been roiled by a raft of cyberattacks. Hackers targeted Australia’s second-largest telecoms provider Optus and the country’s largest telecommunications company Telstra, which had details of 30k of the company’s staff members leaked.

IT services provider Dialog and MyDeal, a Woolworths subsidiary in Australia, were also attacked. Cybercriminals may also have compromised a dataset from ForceNet, Australia’s defense e-communications platform.

The wave of attacks have prompted regulators to investigate company practices regarding the handling personal information and plan an overhaul of the country’s cybersecurity rules.


More from Cybernews:

Ukraine pitches its war-proof tech sector to the world

European Investment Bank attacked, hackers claiming to “impose sanctions on EU”

Man claims he was attacked by delivery robot

New BreachForums site hacked by rivals

Grammys rule out AI nominations

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked