[Security Weekly] Medibank Confirms Data Breach of 3.9 Million Customers After Ransomware Attack
November 2022, Issue I
1. Medibank confirms data breach of 3.9 million customers after ransomware attack
Medibank, one of the largest private health insurance providers in Australia, published a statement on October 26 confirming that a ransomware actor accessed the personal data of all its 3.9 million customers.
The ransomware attack was first detected on October 12. Although Medibank initially suggested that there was no evidence of data access, the threat actors later contacted the company and threatened it with a sample containing 100 stolen files, from a pool of 200 GB of data stolen from the attack.
Compromised data included names, dates of birth, gender, addresses, Medicare card numbers, and health insurance claims. Impacted customers included all Medibank customers, all international student customers, and all customers of ahm, a subsidiary of Medibank.
To compensate for the incident, Medibank is reimbursing all stolen documents for free, and is offering its customers financial and mental support as well as identity protection services.
Sources: Bleeping Computer, The Guardian, ABC News
2. World’s second-largest copper producer shuts down systems following cyberattack
Hamburg-based Aurubis, the largest copper producer in Europe and the second largest in the world, revealed a cyberattack incident that forced it to shut down its IT systems and switch to manual operations. Aurubis claims to produce over 1 million tons of copper cathodes annually.
According to the disclosure, the attack took place on October 28, forcing the company to shut down a large number of IT systems to prevent further damage. Aurubis said that its production capacity and environmental protection capability remained at normal levels as the company switches to manual operations and maintenance to ensure the timely delivery of goods.
Aurubis suggested that the attack was part of a larger campaign targeting metal production industries. The impact of the attack continued throughout the beginning of November. The exact cause remains unknown and the company is unsure how long it will take before the systems fully recover.
Sources: Infosecurity, Reuters
3. Dropbox data breach exposes 130 GitHub repositories due to phishing attack
On November 1, Dropbox disclosed a data breach incident where the threat actors obtained access to 130 GitHub repositories belonging to the company, after successfully targeting its employees in an email phishing campaign.
The data breach was first discovered on October 14. Many Dropbox employees received seemingly legitimate emails from CircleCI, claiming that users must accept their new policies by logging into their accounts. Since CircleCI shares the same login credentials as GitHub, multiple employees fell for the trap, entering their GitHub credentials and using their hardware authentication key to pass 2FA on the fake login page.
The attackers then used these compromised GitHub credentials to access 130 repositories belonging to Dropbox developers. These contained some API keys, names and email addresses of Dropbox employees, sales lead information, internal prototypes, and tools and configuration files used by the security team.
Dropbox said that the compromised repositories do not contain the source code of core infrastructure, and reassured its customers that none of their user accounts and payment data were impacted in the breach.
Sources: Bleeping Computer, BankInfoSecurity,
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security