1
00:00:02,720 --> 00:00:05,040
Speaker 1: My name is Lily Madden and I'm a proud Arunda

2
00:00:05,240 --> 00:00:10,040
Speaker 1: Bungelung Calcuttin woman from Gadighl country. The Daily oz acknowledges

3
00:00:10,119 --> 00:00:12,320
Speaker 1: that this podcast is recorded on the lands of the

4
00:00:12,320 --> 00:00:15,880
Speaker 1: Gadighl people and pays respect to all Aboriginal and Torres

5
00:00:15,880 --> 00:00:18,799
Speaker 1: Strait Island and nations. We pay our respects to the

6
00:00:18,800 --> 00:00:21,599
Speaker 1: first peoples of these countries, both past and present.

7
00:00:27,440 --> 00:00:30,120
Speaker 2: Good morning and welcome to the Daily os. It's Tuesday,

8
00:00:30,160 --> 00:00:31,520
Speaker 2: the fifteenth of November.

9
00:00:31,680 --> 00:00:33,040
Speaker 3: I'm Zara, I'm Sam.

10
00:00:33,159 --> 00:00:33,279
Speaker 4: Now.

11
00:00:33,280 --> 00:00:36,120
Speaker 2: It's been just over a month since private health insurer

12
00:00:36,240 --> 00:00:40,600
Speaker 2: Medibank announced a cybersecurity breach on its network, and since

13
00:00:40,640 --> 00:00:44,000
Speaker 2: then things have definitely gone from bad to worse. So

14
00:00:44,560 --> 00:00:46,440
Speaker 2: what happens when your data is stolen?

15
00:00:46,560 --> 00:00:48,200
Speaker 3: Where does it go? What does it mean?

16
00:00:48,800 --> 00:00:51,159
Speaker 2: In today's deep dive, we'll explain what you need to

17
00:00:51,159 --> 00:00:54,680
Speaker 2: know about the Medibank leak, ransom and dark web release.

18
00:00:54,800 --> 00:01:01,280
Speaker 2: But first, what's making headline? Sam.

19
00:01:01,480 --> 00:01:04,840
Speaker 3: Leaders from the world's biggest economies will descend on Bali

20
00:01:04,920 --> 00:01:08,200
Speaker 3: today and tomorrow for the annual G twenty summit. The

21
00:01:08,240 --> 00:01:10,600
Speaker 3: big news is that US President Joe Biden is set

22
00:01:10,640 --> 00:01:14,440
Speaker 3: to meet with his Chinese counterpart Jijimping. It's unclear if

23
00:01:14,480 --> 00:01:17,360
Speaker 3: Prime Minister Anthony Alberanzi will also have a meeting with she.

24
00:01:19,840 --> 00:01:24,200
Speaker 2: Flooding emergencies have been declared across Australia following heavy rainfall

25
00:01:24,280 --> 00:01:27,520
Speaker 2: in recent days. Flash flooding occurred in parts of New

26
00:01:27,520 --> 00:01:30,679
Speaker 2: South Wales and Victoria, causing major flood warnings to be

27
00:01:30,720 --> 00:01:34,679
Speaker 2: issued as hundreds of calls for assistance were made. Extreme

28
00:01:34,720 --> 00:01:37,560
Speaker 2: storms in South Australia caused blackouts for tens of thousands

29
00:01:37,600 --> 00:01:41,160
Speaker 2: of people while also closing down local schools. Pierre Anthony

30
00:01:41,160 --> 00:01:44,000
Speaker 2: Alberanzi said the government was quote working very closely with

31
00:01:44,040 --> 00:01:46,640
Speaker 2: state and local government on cleanup and recovery.

32
00:01:49,160 --> 00:01:52,840
Speaker 3: Ukraine has requested further energy supplies from Australia ahead of

33
00:01:52,840 --> 00:01:56,480
Speaker 3: what's expected to be a difficult European winter. While meeting

34
00:01:56,480 --> 00:01:59,240
Speaker 3: with Prime Minister Anthony Alberzi at the East Asia Summit,

35
00:01:59,400 --> 00:02:04,120
Speaker 3: Ukrainian our Our Minister Dimitro Kolaba requested additional energy supply and

36
00:02:04,160 --> 00:02:08,519
Speaker 3: infrastructure be sent to Ukraine to help keep essential services functioning.

37
00:02:10,520 --> 00:02:13,080
Speaker 2: And today's good news, doctor Kate George will become the

38
00:02:13,120 --> 00:02:17,320
Speaker 2: first Aboriginal woman to chair an ASX listed company. Doctor

39
00:02:17,360 --> 00:02:20,560
Speaker 2: George was the first Aboriginal student to graduate in law

40
00:02:20,639 --> 00:02:24,320
Speaker 2: from the Australian National University and the first Aboriginal woman

41
00:02:24,360 --> 00:02:26,359
Speaker 2: to be admitted to practice law in WA.

42
00:02:28,800 --> 00:02:31,360
Speaker 3: In the last couple of months, we've had two major

43
00:02:31,520 --> 00:02:34,640
Speaker 3: cyber attacks, one on Optus, the big telco, and the

44
00:02:34,639 --> 00:02:37,720
Speaker 3: other on Medibank, the big private health insurer. Today we're

45
00:02:37,760 --> 00:02:39,720
Speaker 3: going to be talking about that second one, and it

46
00:02:39,800 --> 00:02:42,160
Speaker 3: really has been in the news every day this week.

47
00:02:42,200 --> 00:02:45,639
Speaker 3: In nine point six million people have had their data stolen.

48
00:02:45,720 --> 00:02:48,640
Speaker 3: But there's a lot more to the story than that, Zara,

49
00:02:48,800 --> 00:02:50,520
Speaker 3: when did we first learn about the league?

50
00:02:50,720 --> 00:02:52,640
Speaker 2: Yeah, well, I mean it's not just this week. I

51
00:02:52,639 --> 00:02:54,880
Speaker 2: feel like we've been talking about it for ages. But

52
00:02:55,040 --> 00:02:57,760
Speaker 2: the first news we had from Medibank was on the

53
00:02:57,840 --> 00:03:01,720
Speaker 2: fourteenth of October, and they said then that they detected

54
00:03:01,840 --> 00:03:04,919
Speaker 2: unusual activity on their network. I remember at that time

55
00:03:05,000 --> 00:03:07,720
Speaker 2: we were really preoccupied with the Optis news, so I

56
00:03:07,720 --> 00:03:11,359
Speaker 2: think not everyone was paying attention. But at that point

57
00:03:11,400 --> 00:03:14,160
Speaker 2: they were saying that they didn't think any sensitive data

58
00:03:14,200 --> 00:03:16,720
Speaker 2: had been stolen and that the breach was only a

59
00:03:16,800 --> 00:03:20,480
Speaker 2: risk for specific customers. So in early October, when we

60
00:03:20,520 --> 00:03:22,760
Speaker 2: first started hearing about this. The only people that were

61
00:03:22,800 --> 00:03:25,320
Speaker 2: thought to have been at risk of having their data

62
00:03:25,360 --> 00:03:29,919
Speaker 2: leaked were customers from Medibank's budget provider AHM and their

63
00:03:29,960 --> 00:03:33,640
Speaker 2: international student insurance, so at that point those were the

64
00:03:33,680 --> 00:03:35,680
Speaker 2: only things we understood to have been impacted.

65
00:03:36,520 --> 00:03:38,600
Speaker 3: So they were saying a breach had happened, and that

66
00:03:38,680 --> 00:03:40,400
Speaker 3: was the first we'd heard of it, and they made

67
00:03:40,400 --> 00:03:42,560
Speaker 3: a really clear point of saying it was only impacting

68
00:03:42,560 --> 00:03:45,240
Speaker 3: specific people. At that point, did we have a sense

69
00:03:45,240 --> 00:03:46,880
Speaker 3: of what information had been stolen?

70
00:03:47,080 --> 00:03:49,920
Speaker 2: Well about a week after that first announcement, Medibanks said

71
00:03:50,040 --> 00:03:52,640
Speaker 2: it had been contacted by a criminal group claiming to

72
00:03:52,680 --> 00:03:55,640
Speaker 2: have stolen two hundred gigabytes of data, So that was

73
00:03:55,720 --> 00:03:58,840
Speaker 2: kind of the first reference to how much information had

74
00:03:58,880 --> 00:04:02,840
Speaker 2: been taken. But again, that sample only confirmed that it

75
00:04:02,920 --> 00:04:07,680
Speaker 2: was AHM customers and International student insurance customers, so there

76
00:04:07,720 --> 00:04:10,080
Speaker 2: was nothing new there in terms of who had actually

77
00:04:10,160 --> 00:04:11,080
Speaker 2: been targeted and.

78
00:04:11,040 --> 00:04:13,160
Speaker 3: What are we talking here names and addresses?

79
00:04:13,240 --> 00:04:15,880
Speaker 2: Was that it They knew for sure that names, addresses,

80
00:04:16,080 --> 00:04:20,200
Speaker 2: medicare numbers, policy numbers, and contact details of those customers

81
00:04:20,200 --> 00:04:23,960
Speaker 2: had been taken. Medibank said the hackers also had information

82
00:04:24,040 --> 00:04:27,640
Speaker 2: about where customers received medical services, you know, the kinds

83
00:04:27,680 --> 00:04:32,080
Speaker 2: of procedures and diagnoses they received, and customers financial data

84
00:04:32,120 --> 00:04:32,520
Speaker 2: as well.

85
00:04:32,880 --> 00:04:37,240
Speaker 3: Okay, so what changed between that period and then suddenly

86
00:04:37,760 --> 00:04:40,479
Speaker 3: millions of Australian's health records being online.

87
00:04:40,520 --> 00:04:43,120
Speaker 2: Well, I think an important milestone is when the federal

88
00:04:43,120 --> 00:04:46,120
Speaker 2: police got involved, which was around the twentieth of October,

89
00:04:46,160 --> 00:04:48,360
Speaker 2: and I mean that's as good of an indication as

90
00:04:48,400 --> 00:04:51,680
Speaker 2: any that it's getting really, really serious. And that's when

91
00:04:51,720 --> 00:04:53,799
Speaker 2: we started to learn for the first time that even

92
00:04:53,880 --> 00:04:57,400
Speaker 2: more had been stolen than initially thought. So the hacker

93
00:04:57,480 --> 00:04:59,720
Speaker 2: sent through another batch of data a few days after

94
00:04:59,760 --> 00:05:03,080
Speaker 2: the place got involved, which indicated basically that they had

95
00:05:03,120 --> 00:05:06,880
Speaker 2: accessed not just AHM and not just international student data,

96
00:05:07,320 --> 00:05:11,479
Speaker 2: but also data from across Medibank's whole database. And that

97
00:05:11,600 --> 00:05:12,400
Speaker 2: is a lot of people.

98
00:05:12,800 --> 00:05:15,240
Speaker 3: Yeah, it's the biggest health insurance provider in the country,

99
00:05:15,279 --> 00:05:16,040
Speaker 3: right it is.

100
00:05:16,120 --> 00:05:18,719
Speaker 2: And it was shortly after that that Medibank confirmed that

101
00:05:19,040 --> 00:05:21,680
Speaker 2: all of its customer data had been accessed in the

102
00:05:21,720 --> 00:05:25,360
Speaker 2: cyber attech. So that is some nine point seven million

103
00:05:25,760 --> 00:05:29,839
Speaker 2: former and current customers, which is just absolutely monumental. And

104
00:05:29,880 --> 00:05:33,120
Speaker 2: then again that same week, Medibank added some more information,

105
00:05:33,480 --> 00:05:36,440
Speaker 2: this time that the hackers had access data from a

106
00:05:36,520 --> 00:05:40,320
Speaker 2: joint venture between Medibank and the South Australian government called

107
00:05:40,360 --> 00:05:44,040
Speaker 2: My Home Hospital and my Home Hospital is a program

108
00:05:44,160 --> 00:05:47,360
Speaker 2: for high risk or high needs patients to provide them

109
00:05:47,400 --> 00:05:50,600
Speaker 2: within home medical care. So when we're talking about this here,

110
00:05:50,600 --> 00:05:53,480
Speaker 2: we're really talking about some of the most vulnerable people

111
00:05:53,640 --> 00:05:57,960
Speaker 2: in our community having their personal information stolen and subsequently

112
00:05:58,000 --> 00:05:58,920
Speaker 2: potentially leaked.

113
00:05:59,000 --> 00:06:02,200
Speaker 3: And I think when you talk about privacy violations, your

114
00:06:02,279 --> 00:06:04,599
Speaker 3: health records and your health data goes right at the

115
00:06:04,600 --> 00:06:06,400
Speaker 3: top of that list of the things that you wouldn't

116
00:06:06,440 --> 00:06:10,120
Speaker 3: want other people reading. It's some of our most personal information.

117
00:06:10,640 --> 00:06:12,480
Speaker 3: Why did the hackers want all this information?

118
00:06:13,080 --> 00:06:15,839
Speaker 2: Well, we know that the suspected hackers behind the breach

119
00:06:16,080 --> 00:06:20,040
Speaker 2: issued a ransom asking for ten million US dollars from Medicare,

120
00:06:20,120 --> 00:06:22,760
Speaker 2: and they threatened that if they didn't receive this money,

121
00:06:22,839 --> 00:06:24,680
Speaker 2: they would release customer data.

122
00:06:24,760 --> 00:06:27,080
Speaker 3: So we know that Medibank didn't pay the ransom. Talk

123
00:06:27,120 --> 00:06:27,800
Speaker 3: me through why.

124
00:06:28,080 --> 00:06:32,080
Speaker 2: The CEO, David Kosca said they've consulted security experts who

125
00:06:32,120 --> 00:06:35,159
Speaker 2: said that paying the ransom didn't guarantee the data would

126
00:06:35,200 --> 00:06:38,200
Speaker 2: be returned and actually might make things worse by making

127
00:06:38,240 --> 00:06:40,160
Speaker 2: Australia and even bigger target.

128
00:06:40,440 --> 00:06:42,479
Speaker 3: I was reading an interesting piece out of the UK

129
00:06:42,600 --> 00:06:44,880
Speaker 3: that said, there's kind of two types of ransoms here.

130
00:06:44,920 --> 00:06:47,200
Speaker 3: There's one where you get locked out of your system

131
00:06:47,320 --> 00:06:49,880
Speaker 3: and then you can pay a ransom to get the keyback,

132
00:06:50,200 --> 00:06:53,120
Speaker 3: change the password and your information is secure. But this

133
00:06:53,160 --> 00:06:56,080
Speaker 3: one where they actually steal the information, there's really no

134
00:06:56,160 --> 00:06:59,120
Speaker 3: point paying a ransom because they'll still have that information

135
00:06:59,160 --> 00:07:03,160
Speaker 3: at the end. What happened after they refused to pay, Well.

136
00:07:02,960 --> 00:07:06,000
Speaker 2: The hackers did what they said they'd do, after they'd

137
00:07:06,040 --> 00:07:09,760
Speaker 2: been threatening and threatening. Shortly after midnight on the ninth

138
00:07:09,800 --> 00:07:13,480
Speaker 2: of November, the deadline for the ransom, they posted customers

139
00:07:13,520 --> 00:07:16,520
Speaker 2: personal information on the dark web, and as part of that,

140
00:07:16,560 --> 00:07:20,600
Speaker 2: they posted two spreadsheets titled good List and Naughty List,

141
00:07:20,960 --> 00:07:24,440
Speaker 2: which included information on a range of sensitive medical procedures.

142
00:07:24,800 --> 00:07:28,920
Speaker 2: Then they posted a third file titled Abortions, which appeared

143
00:07:28,920 --> 00:07:32,480
Speaker 2: to list information about three hundred and three customers access

144
00:07:32,480 --> 00:07:34,440
Speaker 2: to abortion services in this country.

145
00:07:34,800 --> 00:07:37,720
Speaker 3: And that was only last week. What's happened in the

146
00:07:37,800 --> 00:07:38,960
Speaker 3: days since that release.

147
00:07:39,520 --> 00:07:41,880
Speaker 2: I mean, we've been hesitant to even do this podcast

148
00:07:41,960 --> 00:07:44,400
Speaker 2: because the minute we hang up the headphones and turn

149
00:07:44,440 --> 00:07:47,040
Speaker 2: off the mic, it seems like something new will have happened,

150
00:07:47,120 --> 00:07:49,400
Speaker 2: and that's just the nature of this data leak and

151
00:07:49,440 --> 00:07:52,440
Speaker 2: this data breach is that it is continuing to unfold

152
00:07:52,520 --> 00:07:55,880
Speaker 2: on a day by day basis. On Monday morning, hackers

153
00:07:55,920 --> 00:07:59,760
Speaker 2: released data about some policyholders access to mental health services.

154
00:08:00,000 --> 00:08:01,720
Speaker 2: So they've said they're not going to release any more

155
00:08:01,760 --> 00:08:04,720
Speaker 2: information until the end of the week after Medibank holds

156
00:08:04,720 --> 00:08:06,880
Speaker 2: its annual general meeting with shareholders.

157
00:08:07,000 --> 00:08:09,520
Speaker 3: And do we have any idea of who these hackers are?

158
00:08:09,760 --> 00:08:12,040
Speaker 2: All we know is what the AFP told us, which

159
00:08:12,120 --> 00:08:14,679
Speaker 2: was that they believe the hackers are based in Russia

160
00:08:14,760 --> 00:08:16,920
Speaker 2: and they believe the group could be connected to cyber

161
00:08:16,960 --> 00:08:21,520
Speaker 2: criminals responsible for other breaches internationally. The AFP believes they

162
00:08:21,560 --> 00:08:24,080
Speaker 2: know exactly who is responsible, but haven't gone so far

163
00:08:24,120 --> 00:08:25,400
Speaker 2: as to name them publicly.

164
00:08:25,920 --> 00:08:28,520
Speaker 3: So we have law enforcement with a relatively good idea

165
00:08:28,600 --> 00:08:31,120
Speaker 3: of where and who these hackers are. What do they

166
00:08:31,480 --> 00:08:32,880
Speaker 3: do then with that information?

167
00:08:33,240 --> 00:08:36,080
Speaker 2: Well, the federal government has announced a one hundred officer

168
00:08:36,160 --> 00:08:39,280
Speaker 2: operation to target hackers that'll be jointly led by the

169
00:08:39,320 --> 00:08:44,440
Speaker 2: AFP and the Australian Signals Directorate. Cybersecurity Minister Clara O'Neil said,

170
00:08:44,600 --> 00:08:47,160
Speaker 2: this is Australia standing up and punching back.

171
00:08:47,280 --> 00:08:49,440
Speaker 4: They will show up to work every day with the

172
00:08:49,480 --> 00:08:52,640
Speaker 4: goal of bringing down these gangs and thugs. This is

173
00:08:52,679 --> 00:08:56,120
Speaker 4: the formalization of a partnership which will day in, day

174
00:08:56,200 --> 00:08:59,920
Speaker 4: out hunt down the scumbags who are responsible for them

175
00:09:00,160 --> 00:09:02,280
Speaker 4: malicious crimes against innocent people.

176
00:09:02,960 --> 00:09:05,560
Speaker 2: We'll be back in just a moment, but first a

177
00:09:05,600 --> 00:09:08,400
Speaker 2: message from our sponsor Zarah.

178
00:09:08,480 --> 00:09:11,120
Speaker 3: Let's zoom out. There's been two major cyber attacks in

179
00:09:11,160 --> 00:09:14,280
Speaker 3: the last couple of weeks in Australia. It's almost now

180
00:09:14,480 --> 00:09:18,280
Speaker 3: over half the Australian population statistically has had some sort

181
00:09:18,280 --> 00:09:21,760
Speaker 3: of data leaked against them. What do we do here?

182
00:09:22,600 --> 00:09:24,719
Speaker 2: I mean, if you're the government who can actually do

183
00:09:24,760 --> 00:09:27,600
Speaker 2: something about this. They've said that it isn't enough to

184
00:09:27,640 --> 00:09:30,160
Speaker 2: be tackling these data breaches one by one, you know

185
00:09:30,240 --> 00:09:31,080
Speaker 2: as they come up.

186
00:09:31,520 --> 00:09:33,800
Speaker 3: Some larger reform does need to happen.

187
00:09:34,000 --> 00:09:37,240
Speaker 2: And Minister O'Neil, who I was speaking about before, has

188
00:09:37,240 --> 00:09:39,240
Speaker 2: said that the government will aim to pass through new

189
00:09:39,280 --> 00:09:42,280
Speaker 2: privacy laws in the next fortnight and this is aimed

190
00:09:42,280 --> 00:09:45,800
Speaker 2: at boosting penalties for breaches to at least fifty million dollars.

191
00:09:46,320 --> 00:09:48,319
Speaker 2: But then there's also some talk too about whether the

192
00:09:48,360 --> 00:09:50,960
Speaker 2: government will make it illegal to pay for ransom in

193
00:09:51,000 --> 00:09:53,559
Speaker 2: these kinds of cases. But again, we will have to

194
00:09:53,640 --> 00:09:56,000
Speaker 2: keep an eye to see what happens next in this space,

195
00:09:56,040 --> 00:09:58,920
Speaker 2: and no doubt there'll be another company next week facing

196
00:09:59,000 --> 00:10:01,400
Speaker 2: the same crisis communications as Manibank.

197
00:10:01,600 --> 00:10:05,080
Speaker 3: I'm sure every executive in the country is quietly checking

198
00:10:05,160 --> 00:10:07,640
Speaker 3: their privacy settings to make sure that they're not next,

199
00:10:07,679 --> 00:10:11,480
Speaker 3: because it obviously has a massive brand impact economic impact,

200
00:10:11,559 --> 00:10:14,240
Speaker 3: but of course the real victims are those whose data

201
00:10:14,320 --> 00:10:20,360
Speaker 3: has been leaked. If you learn something new on today's podcast,

202
00:10:20,360 --> 00:10:22,120
Speaker 3: would love if you can give us a five star

203
00:10:22,240 --> 00:10:25,079
Speaker 3: rating on Spotify or Apple or wherever you're listening and

204
00:10:25,440 --> 00:10:28,480
Speaker 3: write a short review. It helps new listeners find us

205
00:10:28,559 --> 00:10:31,480
Speaker 3: and don't forget to subscribe so you never miss an episode.

206
00:10:31,720 --> 00:10:39,200
Speaker 3: We'll be back tomorrow. Until then, have a great day.