Lessons Learned from Recent Cyber Incidents – Here’s Why it’s Time to Strengthen Your Response Plan

Sheena Shrivastava
May 2, 2025

In recent years, Australia has found itself at the forefront of a worrying trend – a sharp rise in high-profile cyber incidents that have exposed vulnerabilities in some of the nation’s most trusted organisations. From telecommunications giants to healthcare providers, retailers and energy suppliers, the breadth of these attacks shows that no sector is immune. And while the scale and sophistication of these breaches vary, they all serve as sobering reminders of what’s at stake in the face of an evolving threat landscape.

For business leaders and security teams, these incidents aren’t just headlines – they’re wake-up calls. Beyond the immediate damage to customer trust, reputations and financial performance, each breach reveals critical insights into how organisations can improve their cyber readiness. The truth is, many businesses still rely on outdated or underdeveloped response plans – and that gap can mean the difference between a controlled incident and a full-blown crisis.

 

The Optus Data Breach – A Turning Point for Australian Cyber security

The Optus data breach in September 2022 marked a major turning point in how Australians view cyber security. Affecting nearly 10 million customers, the breach saw sensitive personal information (including names, addresses, passport numbers and driver’s licence details) fall into the wrong hands. For many, it was the first time a cyber incident of this scale hit so close to home, highlighting the real-world implications of poor data protection practices.

The breach reportedly stemmed from an unauthenticated API endpoint – a vulnerability that could have been avoided with basic security controls. While the technical flaw itself was alarming, it was the response that drew the most criticism. Delayed public communication, inconsistent messaging, and a lack of clear guidance for affected customers added to the reputational damage.

In the months that followed, concerns resurfaced as Optus customers continued to face secondary attacks, including phishing and identity fraud attempts that leveraged data stolen in the original breach. No new breach of Optus systems was confirmed, but the episode highlighted the long tail of a cyber incident even after the initial compromise has been contained.

What are the takeaways?

  • Know Your Attack Surface: Regularly audit your APIs, cloud environments and endpoints to ensure you’re not exposing unprotected access points. Simple misconfigurations can lead to catastrophic outcomes.
  • Prioritise Communication: In the wake of the Optus data breach, slow and unclear communication worsened public perception. Having a clear crisis communications plan, including pre-drafted templates and a designated spokesperson, is essential.
  • Prepare for the Long Game: The wave of secondary attacks that followed the Optus breach shows that attackers and opportunists often exploit breach data over time. Your response plan should include provisions for long-term monitoring, customer support, and data misuse tracking.

The Optus incident served as a wake-up call; not just for telcos, but for all businesses holding large volumes of customer data. It highlighted that effective breach response is about more than just shutting down the threat – it’s about maintaining transparency, minimising damage, and restoring trust.

 

The Medibank Digital Break-In – When Healthcare Becomes a Cyber Target

The Medibank data breach in late 2022 drew national attention not only for its impact, but for what it revealed about vulnerabilities within Australia’s healthcare and government systems. Hackers managed to access Medibank card details and offer them for sale on the dark web – allegedly using compromised access credentials linked to a government services portal.

This breach was particularly unsettling because it involved some of the most sensitive personal information Australians possess. Medibank data is tied to a person’s identity and healthcare history, making it a valuable commodity for cybercriminals engaged in identity theft and fraud.

While the full scope of the attack was not publicly disclosed, it sparked widespread debate around the security of digital identity systems, third-party access controls, and the responsibility of government agencies to safeguard citizen data. The Medibank data breach also revealed how attackers are increasingly targeting trusted systems in order to undermine public confidence in digital infrastructure.

What are the takeaways?

  • Limit Privileged Access: One of the suspected causes of the Medibank data breach was compromised third-party credentials. Implementing strict access controls and regularly reviewing third-party integrations is critical to reducing exposure.
  • Invest in Dark Web Monitoring: Proactively monitoring the dark web for leaked data related to your organisation can help you act quickly before the fallout escalates. In the Medibank case, earlier detection may have limited the extent of the breach.
  • Security in Digital Transformation: As organisations (especially those in healthcare and government) continue to digitise services, security must be built into every layer. This includes identity verification processes, authentication systems, and regular penetration testing.

The Medibank data breach showed that even highly regulated, government-linked platforms are not immune to cyber threats. It served as a stark reminder that cyber resilience must be a central priority in any digital service delivery model.

 

The Woolworths MyDeal Data Breach – Third-Party Platforms, First-Class Risks

In October 2022, Woolworths found itself in the cyber security spotlight following the now infamous Woolworths MyDeal data breach, which exposed the personal details of approximately 2.2 million customers. The attack targeted MyDeal, an online marketplace owned by Woolworths Group, after a threat actor gained unauthorised access to the platform’s customer database through compromised user credentials.

While the data accessed did not include payment details or passwords, it did involve names, email addresses, phone numbers, and in some cases delivery addresses. For many customers, it was an uncomfortable reminder that even routine online purchases can become an entry point for cybercrime.

What made the Woolworths MyDeal data breach particularly noteworthy was its connection to a major Australian retail brand. MyDeal had only recently been acquired by Woolworths Group (earlier in 2022), and the integration of security systems and controls was still underway at the time of the incident.

What are the takeaways?

  • Secure the Entire Supply Chain: Cyber security doesn’t stop at your organisation’s perimeter – if you’re acquiring or partnering with digital platforms, you inherit their risk profile. With this in mind, you need to conduct due diligence and ensure those third parties meet your security standards.
  • Enforce Credential Hygiene: The breach reportedly stemmed from compromised login details. Encouraging and enforcing multi-factor authentication (MFA) across all systems (especially those handling customer data) is a basic but vital defence.
  • Be Transparent, Fast: Woolworths acted swiftly to notify impacted customers, which helped mitigate reputational damage – this reinforces the importance of a rehearsed breach notification process within your response plan.

The Woolworths MyDeal data breach serves as a case study in how third-party vulnerabilities can quickly become your own. For any organisation working within a digital ecosystem (particularly in retail) a proactive and holistic security posture is no longer optional, it’s essential.

 

The EnergyAustralia Account Hacks – When Customer Portals Become Attack Vectors

In late 2022, the utilities sector was shaken when “EnergyAustralia hacked” headlines began making the rounds. The breach involved unauthorised access to over 320 customer accounts via the company’s My Account portal. While no financial information was stolen, exposed data included names, addresses, energy usage details and, in some cases, partial credit card numbers.

What made this incident particularly concerning was the method of attack – credential stuffing. This is where cybercriminals take usernames and passwords stolen in previous breaches and replay them against accounts on other platforms, relying on people having reused the same password. It’s a growing issue in an age where password reuse is still alarmingly common among consumers.

Though the number of affected accounts was relatively small compared to other breaches, EnergyAustralia being hacked demonstrated how even limited-scale intrusions can have significant privacy implications, especially when they affect critical infrastructure providers.

What are the takeaways?

  • Defend Against Credential Stuffing: Implementing rate-limiting, MFA, and CAPTCHA challenges can significantly reduce the success of automated login attempts. EnergyAustralia’s incident shows how vulnerable customer-facing portals can be without these protections.
  • Educate Customers on Password Hygiene: While organisations can’t control customer behaviour, they can guide it. Encouraging the use of strong, unique passwords and password managers (and flagging reused credentials) can make a real difference.
  • Prioritise Incident Detection: Quick detection and containment prevented the breach from escalating. Your response plan should include automated alerts for unusual login patterns and repeated failed attempts, especially in customer portals.
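As an added illustration of the detection that the last two takeaways call for (this is example code, not from the original post or from EnergyAustralia), here is a small Python detector run over constructed portal login logs. The log format, the IP addresses and usernames, and the alert thresholds are all assumptions; real telemetry would need to be mapped onto the same (time, source, account, outcome) fields.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (assumed format): timestamp, source IP, username, outcome
SAMPLE_LOG = """\
2022-11-01T10:00:01 203.0.113.7 alice@example.com FAIL
2022-11-01T10:00:02 203.0.113.7 bob@example.com FAIL
2022-11-01T10:00:03 203.0.113.7 carol@example.com FAIL
2022-11-01T10:00:04 203.0.113.7 dave@example.com SUCCESS
2022-11-01T10:00:05 203.0.113.7 erin@example.com FAIL
2022-11-01T10:00:30 198.51.100.9 grace@example.com FAIL
2022-11-01T10:00:45 198.51.100.9 grace@example.com FAIL
2022-11-01T10:01:00 198.51.100.9 grace@example.com FAIL
2022-11-01T10:01:10 198.51.100.9 grace@example.com SUCCESS
"""

def parse(log):
    """Turn log text into (timestamp, ip, user, succeeded) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome == "SUCCESS"))
    return events

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, max_success_rate=0.3):
    """Flag a source IP that tries many DISTINCT usernames in one window with a low
    success rate: the stuffing signature, unlike one user mistyping their own password."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    alerts = []
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (start, _, _) in enumerate(attempts):
            in_window = [a for a in attempts[i:] if a[0] - start <= window]
            users = {u for _, u, _ in in_window}
            hits = sorted(u for _, u, ok in in_window if ok)  # accounts the source got into
            if len(users) >= min_users and len(hits) / len(in_window) <= max_success_rate:
                alerts.append({"ip": ip, "distinct_users": len(users), "compromised": hits})
                break  # one alert per source IP is enough for the queue
    return alerts

def detect_repeated_failures(events, threshold=3):
    """Per-account alert: N or more consecutive failures (from any IP) on one username."""
    streak, flagged = defaultdict(int), set()
    for _, _, user, ok in sorted(events):
        streak[user] = 0 if ok else streak[user] + 1
        if streak[user] >= threshold:
            flagged.add(user)
    return sorted(flagged)
```

The two functions answer different questions: the first tells the SOC which source to rate-limit or challenge with MFA and CAPTCHA, and which accounts to force a password reset on; the second catches the slower, per-account pattern that a per-IP view misses.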

The EnergyAustralia incident reinforces the idea that customer account protection is a shared responsibility – but it starts with robust backend controls and a clear, fast response when something goes wrong. For companies in essential services, maintaining customer trust is as critical as delivering the service itself.

 

Resilience Over Assumption – Why Incident Response Matters More Than Ever

These recent incidents are not just cautionary tales for large corporations; they’re reminders that even with controls in place, no organisation is immune to the evolving threat landscape. Cyber security is no longer just an IT issue – it’s a business-critical risk that requires proactive and continuous management. While prevention tools are essential, they form only part of a truly resilient security posture. The ability to respond swiftly, contain the damage, and recover with confidence is what separates a disruption from a disaster.

This is where awareness training and a well-rehearsed incident response plan come into play. Building a security-aware culture ensures your people become a strong first line of defence. Coupled with a clear, expert-led response strategy, it means your organisation is prepared not for if an incident occurs, but for when.

At Infotrust, our dedicated incident response services are designed to help Australian organisations detect, respond to, and recover from cyber threats – with speed, clarity, and confidence. Whether you’re looking to validate your current plan or need expert guidance in real time, we’re here to support your business every step of the way. Simply get in touch.

 

Don’t wait for a breach to test your response.

Get in touch with our team to strengthen your cyber resilience today.