Medibank incurred $7.5 million in direct tech costs after cyber attack

By

Admin costs dominated breach expenses.

Medibank has revealed a breakdown of its $46.4 million data breach expense amount incurred after a high-profile cyber incident last year.

Medibank incurred $7.5 million in direct tech costs after cyber attack

In the health insurer's 2023 annual report [pdf], released today, it said that the $46.4 million expenses from the breach comprised $22 million of administration expenses, $15.6 million in employee benefits expenses, $7.5 million in extra technology expenses, and $1.2 million in marketing expense.

The coming year is anticipated to bring another $30 million and $35 million in costs.

These cover “further IT security uplift and legal and other costs related to regulatory investigations and litigation” associated with the data breach but exclude penalties that could stem from various regulatory and legal actions underway.

The annual report is independently audited by PwC Australia, which notes in some detail the extra assurance work it had to perform, due to the cyber incident.

PwC noted that to give the okay to Medibank’s annual report, it had to determine whether the cybercrime event impacted the accuracy of the company’s financial reporting.

That included whether or not Medibank’s monitoring of “discrepancies or inconsistencies in financial reporting information”.

PwC noted that it “agreed, on a sample basis, the reliability and validity of underlying financial reporting information obtained from breached systems to an alternative data source”.

In the October 2022 data breach of Medibank, attackers obtained the credentials of a third-party contractor. That resulted in the leak of information on 9.7 million customers.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Actor auth tokens gave Global Admin access across Azure Entra ID tenants

Actor auth tokens gave Global Admin access across Azure Entra ID tenants

First npm worm "Shai-Hulud" released in supply chain attack

First npm worm "Shai-Hulud" released in supply chain attack

"VoidProxy" PhishKit targets Google and Microsoft users

"VoidProxy" PhishKit targets Google and Microsoft users

NSW gov third party-linked cyber incidents quadruple in two years

NSW gov third party-linked cyber incidents quadruple in two years

Log In

  |  Forgot your password?