
Medibank Breach: 9.7 Million Australians Exposed After Stolen Credentials Attack

2024-12-18 · Healthcare · Credential Theft · Ransomware · Australia

What Happened

In October 2022, Medibank Private — one of Australia's largest health insurers — confirmed that cybercriminals had accessed the personal data of approximately 9.7 million current and former customers. The stolen data included names, dates of birth, email addresses, phone numbers, Medicare numbers, and in some cases, highly sensitive health claims data including mental health, addiction, and pregnancy-related records.

The attackers, linked to the Russia-based REvil ransomware group, demanded a ransom. When Medibank refused to pay, the stolen data was published on the dark web in batches — deliberately targeting the most sensitive health claims first to maximise pressure.

How It Happened

The root cause was alarmingly simple: stolen credentials. An employee's or contractor's login credentials were compromised, giving the attacker access to Medibank's internal systems. From there, the attacker moved laterally through the network over several weeks, eventually locating and exfiltrating customer databases.

Critically, the compromised account did not have multi-factor authentication (MFA) enabled. A single layer of defence — a username and password — was all that stood between the attacker and the personal data of nearly 10 million Australians.

The Cost

  • $450+ million in total costs (remediation, legal, regulatory, customer support)
  • Class action lawsuit filed on behalf of affected customers
  • OAIC investigation into potential Privacy Act violations
  • Reputational damage — significant customer churn and loss of public trust

What This Means for Your Business

The Medibank breach is a masterclass in how a single point of failure — one compromised credential without MFA — can lead to catastrophic consequences. The attacker didn't need a sophisticated zero-day exploit. They needed one password.

If your staff can't verify who they're talking to, and your accounts rely on passwords alone, you're already vulnerable to the same attack that hit Medibank.

This is exactly why Ironclad ID exists. Our Human Verify technology stops impersonation attacks dead — even if credentials are stolen, attackers can't provide the real-time verification code. Combined with AI-powered awareness training via ATLAS, your team learns to spot social engineering before credentials are ever handed over.

Source: ABC News
