Corporate Australia suffers fourth major hack since September

Australian Clinical Labs said on Thursday its Medlab Pathology business suffered a data breach that affected about 223,000 accounts, marking corporate Australia‘s fourth major hack since September.

The country’s No.1 health insurer Medibank, No.2 telco Optus and retailer Woolworths Group’s majority-owned online retailer MyDeal were also hit by breaches that compromised the data of millions of customers.

ACL said its affected data included more than 17,500 individual medical and health records, over 28,000 credit card numbers and customer names, as well as more than 128,600 Medicare numbers.

There was no evidence of misuse of any of the information or any demand made of Medlab or ACL to date, the company said, adding that the compromised Medlab server had been decommissioned and ACL’s broader systems were unaffected.

Medlab became aware of an unauthorised third-party access to its IT system in February and a month later, was informed by the Australian Cyber Security Centre (ACSC) that it may have been the victim of a ransomware incident.

“Given the highly complex and unstructured nature of the data-set being investigated, it has taken the forensic analysts and experts until now to determine the individuals and the nature of their information involved,” ACL said.

The ACSC also notified the company in June that Medlab’s information had been posted on the dark web, which ACL subsequently sought to find and permanently remove.

“We apologise sincerely and deeply regret that this incident occurred… We want to assure all individuals involved that ACL is committed to providing every reasonable support to them,” ACL Chief Executive Officer Melinda McGrath said.