The criminals were then able to access Medibank’s network through a misconfigured firewall, which meant they did not require the usual two-factor authentication. The hackers then used this access to obtain further usernames and passwords to access other Medibank systems.
Australia’s privacy watchdog, announced in December that it will conduct a formal investigation into the health insurer’s handling of customer data following the breach.
The Office of the Australian Information Commissioner (OAIC) said its investigation will focus on whether Medibank took reasonable steps to protect the personal information it held from misuse, interference, loss, unauthorised access, modification or disclosure.
The biggest issue for Medibank is the potential for any adverse findings from the OAIC, and the KPMG reports, to open the door for policyholders to seek compensation for economic loss and distress suffered as a result of the breach. Two class actions have now been launched on behalf of affected policyholders.
Bloomberg Intelligence estimates that a compensation claim could easily reach $700 million.
Medibank also released its half-year results on Thursday, reporting a 5.9 per cent rise in net profit to $233.3 million, as revenue from its health insurance activities rose 1.3 per cent to $3.63 billion. The group also declared a 6.3c per share dividend.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Business News Click Here
For the latest news and updates, follow us on Google News.