A data breach at Australia's second-largest telco may have raised the country's profile as a hacking target, cybersecurity experts said on Thursday, as federal police began investigating a separate breach at the country's top health insurer.
Since Singapore Telecommunications Ltd-owned Optus disclosed last month the theft of about 10 million customer records, equivalent to 40% of the country's population, the country's biggest companies and government bodies have been on high alert for repeat attacks.
Already, larger Optus rival Telstra Corp has disclosed a small breach of employee data, while No. 1 grocery chain Woolworths Group Ltd said an unidentified party gained unauthorised access to the customer database of a bargain website used by 2.2 million shoppers.
Health insurer Medibank Private Ltd, which provides coverage for one-sixth of Australians, said on Wednesday that a hacker group had tried to negotiate payment for stolen policy-holder data. The company added that it was treating the unnamed party's demands seriously and halted trading in its shares pending an investigation.
"When you do have a highly visible breach like Optus in Australia out there, hackers take notice of that and go 'maybe I'll have a go down there and see what I can get away with,'" said Jeremy Kirk, executive editor at Information Security Media Group, a cybersecurity specialist publication.
Cybersecurity Minister Clare O'Neil said the Australian Federal Police (AFP) had opened an investigation into the Medibank attack, adding that, while the authorities did not know what had been stolen, any theft of healthcare records exposed people to having damaging personal information published.
The AFP said it was investigating but had no further comment.
"What we have here is... healthcare information and that just on its own being made public can cause immense harm to Australians and that's why we are so engaged with this," O'Neil told the Australian Broadcasting Corp.
The high-profile data breaches show the importance of multi-factor authentication – where a person uses a code sent to a separate device to log in – at every level of a company's network, said Sanjay Jha, chief scientist for the University of New South Wales Institute for Cybersecurity.
"Maybe for end users they have done it, but for internal servers they should have even more stringent control," Jha told Reuters by phone.
"You need continuous authentication so that people don't log in and leave it forever, and then attackers can compromise your system," he added.