Breaking News
Investing Pro 0
New Year’s SALE: Up to 40% OFF InvestingPro+ CLAIM OFFER

Paying off hackers is common, says top Australian govt cybersecurity firm

Stock Markets Oct 25, 2022 12:08PM ET
Saved. See Saved Items.
This article has already been saved in your Saved Items
© Reuters. FILE PHOTO: A woman walks past a branch of the Australian health insurer Medibank Private in Sydney October 20, 2014. REUTERS/David Gray

By Byron Kaye

SYDNEY (Reuters) -Corporate insurers routinely pay hackers a ransom for the return of stolen customer data, a top Australian government cybersecurity provider said on Tuesday, as the country's biggest health insurer revealed the growing scale of a recent breach.

The claim from Macquarie Telecom Group Ltd, which runs cybersecurity for 42% of Australian federal employees, including the Australian Taxation Office, gives a sense of a lack of preparedness in an industry that has been in the spotlight amid a wave of high-profile hacks in the past month.

"These are the largest corporations in the world, falling over themselves to pay criminals as fast as possible to cap their liability," Macquarie CEO David Tudehope told Reuters in an interview, referring to cyber insurance firms that he did not name. "In what other sphere of life do you see reputable corporates pay millions of dollars to criminals and somehow it's all okay?"

Insurers who paid ransom to hackers had no way of ensuring data was deleted, meaning sensitive customer information remained at risk of being exposed online, Tudehope added.

This month Australia's largest health insurer, Medibank Private Ltd, revealed that a criminal had shown it stolen personal health data of 100 of its 4 million customers and demanded payment for the data's return. On Tuesday, Medibank said the criminal had shown data of another 1,000 customers and added that the number was likely to grow.

The country's No. 2 telco, Singapore Telecommunciations Ltd-owned Optus, said last month about 10 million customer accounts, equivalent to 40% of the Australian population, had data taken by a hacker demanding payment. A person claiming to be the Optus hacker later withdrew the demand over concerns about publicity.

The federal government has meanwhile said it would introduce fines of up to A$50 million for companies on the receiving end of data breaches.

"This is an enormous wake up call for the country," Cyber Security Clare O'Neil told parliament. "We need to do more as a country to step up."

A national crisis management group, set up during the COVID outbreak, was activated on Saturday and has met three times to discuss the Medibank hack, O'Neill added.

Tudehope, the Macquarie Telecom CEO, declined to comment on any incidents but blamed, in part, underprepared cybersecurity chiefs who were too focused on internal stakeholder management and too reliant on all-in-one protections like firewall software.

"The challenge in cyber is it just changes so quickly and the people in senior management who, in many cases, do not have the background in cybersecurity because it wasn't a thing as they worked their way up through their career," Tudehope said.

"They're making decisions they don't have a strong understanding of in many cases," he added. "The people who have a deeper level of IT security (knowledge) are often at junior or middle levels of an IT department or government agency."

Tudehope said most companies would receive cyber attacks and should have a recovery plan, such as having confidential data backed frequently up in a separate location, to ensure hackers could not access it.

Paying off hackers is common, says top Australian govt cybersecurity firm

Related Articles

Add a Comment

Comment Guidelines

We encourage you to use comments to engage with other users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind:  

  •            Enrich the conversation, don’t trash it.

  •           Stay focused and on track. Only post material that’s relevant to the topic being discussed. 

  •           Be respectful. Even negative opinions can be framed positively and diplomatically. Avoid profanity, slander or personal attacks directed at an author or another user. Racism, sexism and other forms of discrimination will not be tolerated.

  • Use standard writing style. Include punctuation and upper and lower cases. Comments that are written in all caps and contain excessive use of symbols will be removed.
  • NOTE: Spam and/or promotional messages and comments containing links will be removed. Phone numbers, email addresses, links to personal or business websites, Skype/Telegram/WhatsApp etc. addresses (including links to groups) will also be removed; self-promotional material or business-related solicitations or PR (ie, contact me for signals/advice etc.), and/or any other comment that contains personal contact specifcs or advertising will be removed as well. In addition, any of the above-mentioned violations may result in suspension of your account.
  • Doxxing. We do not allow any sharing of private or personal contact or other information about any individual or organization. This will result in immediate suspension of the commentor and his or her account.
  • Don’t monopolize the conversation. We appreciate passion and conviction, but we also strongly believe in giving everyone a chance to air their point of view. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
  • Only English comments will be allowed.
  • Any comment you publish, together with your profile, will be public on and may be indexed and available through third party search engines, such as Google.

Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at’s discretion.

Write your thoughts here
Are you sure you want to delete this chart?
Post also to:
Replace the attached chart with a new chart ?
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Thanks for your comment. Please note that all comments are pending until approved by our moderators. It may therefore take some time before it appears on our website.
Are you sure you want to delete this chart?
Replace the attached chart with a new chart ?
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Add Chart to Comment
Confirm Block

Are you sure you want to block %USER_NAME%?

By doing so, you and %USER_NAME% will not be able to see any of each other's's posts.

%USER_NAME% was successfully added to your Block List

Since you’ve just unblocked this person, you must wait 48 hours before renewing the block.

Report this comment

I feel that this comment is:

Comment flagged

Thank You!

Your report has been sent to our moderators for review
Continue with Google
Sign up with Email