This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Medibank Private

Summary

Medibank detected unusual activity on its network, which was later confirmed to be a major ransomware incident. The attacker gained access using a third-party contractor's stolen credential. When Medibank refused to pay the $15M ransom, the attackers published the data on the dark web.

Attack Vector

Credential Compromise / Ransomware. The threat actor obtained the username and password of a third-party IT contractor who had high-level access to Medibank's systems. No Multi-Factor Authentication (MFA) was active on the specific access point used.

Consumer Impact

This breach was unique because of the sensitivity of the data.

  • "The Naughty List": The attackers specifically categorized and leaked data related to mental health, drug addiction, and pregnancy termination services to maximize psychological distress.
  • Identity Fraud: Standard identity documents (Medicare/Passport) were also stolen.