Medibank Data Breach Impacts 9.7 Million Customers

Edward Kost
November 11, 2022

Medibank suffered a data breach that compromised 9.7 million current and former customers - an impact with a chilling resemblance to the Optus data breach that occurred less than a month earlier.

The attack vector that facilitated the breach was a set of stolen high-ranking corporate credentials that were sold on a cybercriminal marketplace. Cybercriminals believed to be affiliated with the defunct ransomware gang, REvil, used these credentials to log into Medibank's network and exfiltrate the customer database. 

Upon detecting unusual activity within its network, Medibank’s security team promptly located and shut down two backdoors facilitating data transfer during the attack. This likely caused an unexpected disruption to the attack, preventing the cybercriminals from encrypting Medibank's systems - the characteristic final stage of a ransomware attack.

Unfortunately, the attack wasn't disrupted before 200 GB of customer data was stolen.

The cybercriminals demanded a ransom payment of US$10 million to prevent the stolen database from being published on the dark web (a cybercriminal network accessible through a specialised Tor browser).

Medibank refused to pay the ransom. In an effort to reverse this decision and extort payment, the cybercriminals have published segments of sensitive customer data on the dark web, promising to publish more if the ransom payment isn't made.

This story is still unfolding.

Medibank is one of Australia's largest private health insurance funds.