After a cyberattack on the Australian insurance giant, Medibank, the company was left to determine the damage that was inflicted and how many of their clients were affected. It has now been determined and announced by Medibank that threat actors were able to access the entirety of Medibank’s client information along with health claims data. Additionally, some of this data was exfiltrated after it was initially thought by Medibank that the data was only accessed. This claim was debunked after the group responsible for the attack reached out to Medibank with samples of the data to extort them. Although the situation is unfortunate, Medibank should receive some credit for its transparency and investigation turnaround time. Medibank did not have cyber liability insurance and in total, the breach is likely going to cost the company around $35m, but this does not factor in other costs such as legal fees and compensation for affected customers.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in