Medibank staff data exposed after breach on facility manager’s software

by Sophie Berrill
0 comment
Medibank MOVEit

Medibank is back in the news after staff data was compromised – this time because of a cyberattack on third-party software used by its facility management providers.

A major cyberattack on a prominent third-party software platform called MOVEit has impacted companies and agencies around the world this month. Victims affected by the hack – which has been linked to Russian-speaking cybercriminals – include the BBC, US government agencies,  PwC Australia and now Medibank.

The private health insurer has been quick to assure that no customer data was stolen in the breach, which exposed some of its own staff. 

“One of our property and facility management providers use MOVEit and unfortunately they have been impacted by the cyberattack,” a Medibank spokesperson says.

“A file containing Medibank employee names, email addresses and phone numbers was compromised through our property and facility managers’ MOVEit platform.”

Facility Management reached out to Medibank for information about the property and facility management company involved, but it has declined to publicly confirm this. Medibank did confirm that the breach has only exposed work-related contact information. Sensitive information about bank details, payroll or home addresses was not exposed.

“We were advised by the vendor Ipswitch about some vulnerabilities discovered in MOVEit – a software system we use to share information with external parties – and immediately applied all the vendor’s recommended security patches,” the spokesperson says. 

“We continue to investigate and work closely with the vendor, and at this stage we are not aware of any of our customers’ data being compromised.”

To stay up to date with industry news, subscribe to the FM newsletter.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More