A report by Australia's Information Commissioner details how operational failures allowed hackers to breach Medibank, stealing data from 9 million people.
In October 2022, Medibank disclosed a cyberattack that disrupted its operations and confirmed that the data theft affected 9.7 million people. The ransomware gang BlogXX leaked the stolen data, and the attack has been linked to Russian national Aleksandr Gennadievich Ermakov. Medibank failed to protect the data: a contractor's compromised credentials gave the attackers access to its systems. The attackers exploited VPN and Microsoft Exchange vulnerabilities and stole 520 GB of data. Medibank's EDR flagged issues, but they were not acted on until October, which revealed the breach. Multi-factor authentication (MFA) is crucial for defending against credential theft and breaches, especially on VPNs, which are targeted by ransomware.