The government put a blowtorch on Optus, so why did Medibank get kid gloves?


It took Cybersecurity Minister Clare O’Neil 5 phrases to chop by means of the layers of Optus spin. Requested whether or not she believed the corporate’s claims it had been hit with a “subtle” hack final month, she mentioned: “Effectively, it wasn’t. So, no.”

The response was a pearler, clear and direct, placing the telco as an alternative.

Cybersecurity consultants sharpened their very own knives. Alastair MacGibbon, a former head of the federal government’s Australian Cyber Safety Centre, mentioned Optus’ disaster administration was poor and had made issues worse.

Medibank – the sufferer of a good worse hack, which has uncovered particulars as private as whether or not somebody has battled with medication – against this has obtained the complete Staff Australia therapy. O’Neil, a grasp of strategically deployed invective, has likened the hackers to “canines”, “scum of the earth”, the bottom of the low.

The opposition has called on Cybersecurity Minister Clare O’Neil (bottom right), to reveal what information the government had from Medibank under chief executive David Koczkar (top right).

The opposition has referred to as on Cybersecurity Minister Clare O’Neil (backside proper), to disclose what info the federal government had from Medibank beneath chief govt David Koczkar (prime proper).Credit score:Louis Trerise, Louise Kennerley, Arsineh Houspian

However she hasn’t mentioned a nasty phrase about Medibank regardless of the corporate’s drip-feed of updates, every confirming the hack was worse than believed within the earlier replace. What began with Medibank saying there was “no proof” buyer knowledge had even been accessed is now, two weeks later, a disaster engulfing all Medibank’s 4 million prospects, and maybe near that quantity once more in former members.

One may hope Medibank would make clear that determine, however the actuality is it doesn’t know the complete scale of the breach. That’s the crux of the critics’ complaints: relatively than Medibank stressing early on what it didn’t know, it emphasised there was no proof that the worst case had occurred. It was not a lie, however just a little like being informed your warehouse locks had been damaged and declaring all seemed nicely with out checking the pawnshop down the highway.


To start with, it seems O’Neil had no extra thought of the hack’s full extent than the remainder of us. Opposition cybersecurity spokesman James Paterson used parliament to get a solution from the federal government on Wednesday that means O’Neil first personally spoke to Medibank on or after October 19, seven days after the hack was first detected, although it had been briefing her workplace. However even when the complete scale grew to become more and more apparent, with revelations reminiscent of using a username and password granting “excessive degree entry” to Medibank’s programs, O’Neil didn’t assault the corporate.

“Given the sensitivity of knowledge concerned, it ought to have been taken extra critically from the beginning,” Paterson mentioned in a textual content. “As soon as it was clear a compromised credential was concerned there was no excuse.”

Share post:


More like this