In 2022, Australia experienced significant cyber security breaches involving telecommunications provider Optus and private health insurer Medibank, impacting millions of Australians. These breaches led to increased focus on cyber security by regulators and businesses.
The Optus data breach was caused by a coding error in the access controls of a dormant API, allowing a cyber criminal to access the personally identifiable information of 9.5 million customers. The error went undetected for several years, leading to the breach in 2022.
Similarly, the Medibank data breach was a result of a contractor’s credentials being hacked, giving access to sensitive information. Despite alerts from the endpoint detection system, the breach went unnoticed until data was exfiltrated.
Both companies are working to improve their cyber security measures and are cooperating with investigations. Legal action has been taken against them, highlighting the importance of safeguarding data in the digital age.
