
Australia rocked by three major data breaches – should we have seen it coming?

by Egress
Published on 28th Oct 2022

In recent months, Australia has become a hotbed for cyber attacks. Savvy data shows that there’s a cyber attack every 10 minutes in Australia, targeting individuals, SMEs, and government sectors for financial gain. The question is: why Australia? All these attacks are more than coincidental; there’s a pattern here.

Let’s dig into some of the biggest recent cybercrime cases in Australia, why the country has become so susceptible to these attacks and how they can be mitigated.

Major cyber attacks in Australia


In October 2022, health insurance company Medibank announced it had received a message asking for a ransom. The criminal group sending the message claimed they had stolen customer data and wanted to negotiate with Medibank. 

Medibank is a massive organization, which complicates the investigation being carried out in conjunction with the Australian Cyber Security Agency, the Australian Signals Directorate, and the Australian Federal Police. It’s not yet clear whether any data was actually taken, but it is a reminder that even major organizations are at risk from attack.


Also in October this year, Woolworths announced a breach through its online retail portal, MyDeal. The company stated that cybercriminals accessed its systems, exposing the data of 2.2 million people.

This data included the addresses, emails, phone numbers and names of MyDeal users. The breach didn’t impact the MyDeal app and websites, and Woolworths has been working with the appropriate authorities to find out how and why it occurred.


In September 2022, telecoms company Optus revealed details of a massive data breach that put the accounts of up to 10 million people at risk. A person – or group – named “Optusdata” claimed to have conducted the breach on a data breach forum, threatening to sell the information obtained.

Optusdata demanded Optus pay $1 million in cryptocurrency to stop them from publishing all the stolen data. They then posted what they claimed to be 10,000 customer records before deleting that post and the alleged records. Interestingly, they then uploaded an apology stating that they had deleted the only copy they had of the data, but this can’t be verified, so the risk is far from over. At this time, Optus has not paid the ransom.

Why is Australia vulnerable to attacks?

The fact that these three major attacks happened in the span of under two months shows the extent to which Australia has become vulnerable. There are several reasons for this.

Governmental roadblocks

A major issue facing Australia is that it simply doesn’t have the rules and regulations in place to stop cybercrime in its tracks, according to a cryptographer from the Australian National University. She says that the previous government made it difficult for organizations to use encryption for data safety, as it considered encryption to be a tool used by cybercriminals. 

The country’s policies, in general, have left businesses legally vulnerable to hacks due to laws requiring unnecessary data acquisition and retention, making it extremely difficult to stay safe.

However, there are signs government intervention may be on the horizon.

Customer volume

A huge business like Optus has 10.5 million customers, thanks to Australia’s captive audience. With data from a business of that size, cybercriminals could use the stolen information in mass automated phishing attempts. While a cybercriminal might only convince one in a thousand to fall for a scam this way, that’s still 10,000 Optus customers, making it a lucrative venture for threat actors.

Identity theft made easy

Getting what is often called a “burner phone” – a cell phone that doesn’t need to be under your real name – is difficult in Australia. But the kind of information stolen in the Optus breach is ideal for setting up cell phone accounts, meaning a cybercriminal could easily start an account in a customer’s name to use as a burner.

How can Australian organizations protect themselves and their customers?

There are many small-but-vital precautions organizations can take right now to protect themselves from a breach - we've recommended 18 here. Still, one of the key ways to protect your business is boosting email security with an Integrated Cloud Email Security (ICES) solution. This adds another layer of protection to both inbound and outbound emails to keep the business safe from phishing attempts and data loss.

ICES solutions are cloud-based and constantly work to detect dangerous email content through advanced recognition techniques. This type of security could stop cybercriminals from accessing customer credentials – like those stolen in the Woolworths attack – via phishing attacks and stop ransomware from being delivered the same way. We know how problematic ransomware can be – just look at the Medibank case – so removing the risk through ICES can make all the difference. 

Our own Egress Intelligent Email Security platform has been designed to mitigate inbound threats and outbound risks as employees share data via email. It comprises three products – Egress Defend, Egress Prevent and Egress Protect – which can be bought together or as individual solutions. To learn more about how Egress can help, request a personalized demo of our Intelligent Email Security platform.

To learn more about how the Australian government is responding to these attacks, read our latest article.