Major Australian health insurance provider Medibank was reported by the Office of the Australian Information Commissioner to have committed significant security lapses that resulted in a cyberattack in October 2022 that compromised data belonging to 9.7 million individuals, reports BleepingComputer. The far-reaching hack, which was tied to now-sanctioned Russian national Alexander Gennadievich Ermakov, has stemmed from the breach of a Medibank IT service desk operator’s home computer that contained browser-stored Medibank credentials, which provided attackers elevated privileges and access to the firm’s Microsoft Exchange server and its Palo Alto Networks Global Protect Virtual Private Network, according to the OAIC report.

Source: SC Magazine