Australian Regulators Detail Medibank Hack: VPN Lacked MFA

Court Filing: Threat Actor Stole Admin Credentials From IT Service Desk Contractor
Medibank's lack of MFA on its global VPN allowed a hacker to use credentials stolen from an IT services desk contractor to access the private health insurer's IT systems in 2022, leading to a dark web data leak affecting 9.7 million individuals, Australian regulators said in court documents.

access actor admin australian contractor court credentials dark dark web data data leak filing global hack hacker health insurer it services leak medibank mfa private regulators service services stolen systems threat threat actor vpn web