Less than a month after Optus announced their cyber attack situation, another Australian company suffered the same fate at the hands of a different cybercriminal. This time, it was Medibank, an Australian private health insurance provider. Medibank first detected unusual activities on October 13 and then identified it as a possible ransomware threat on October 17. Two days later, the cybercriminal approached Medibank claiming to have stolen millions of data. Today, these data are being released into the dark web as they demand ransom payments.

While Medibank believes that the cybercriminal was not able to access the credit card and banking details, they did manage to access:

• Personally identifiable information such as names, dates of birth, addresses, phone numbers, and email addresses of 9.7 million current and former customers

• Government documents such as Medicare and passport numbers, and visa details

• Health provider details and health claims data

Both cyber attacks on Optus and Medibank have left millions of Australians vulnerable to further cyber attacks, with some being customers of both Optus and Medibank. Frequent cyber attacks on large organizations have left a black mark and have detrimentally affected their brand and the trust of their customers.

While changing email addresses and phone numbers can be easy, compromised sensitive documents such as Medicare ID, driver's license, and passport documents can be difficult to change. Once exposed, cybercriminals can continually use these forms of identification to defraud their victims. A fraudster can repeatedly recite the information or provide the documents to claim a false identity. In the aftermath of a cyber attack, organizations must adapt and integrate better cyber security measures to safeguard themselves and their customers against future threats. Providing secure, yet streamlined, services to affected victims become a top priority as traditional identity verification methods become less effective.

Fortunately, organizations can take advantage of Auraya's EVA Voice Biometrics solution to provide secure, yet seamless, identity verification experiences. Users simply need to say their phone number or account number to verify their identity. EVA Voice Biometrics can replace traditional and insecure verification methods such as PINs, passwords, and security questions or be used as additional step-up security. 

Additionally, EVA Voice Biometrics shines when it comes to protecting compromised victims. Cybercriminals with stolen identities will struggle to defraud victim accounts as they will be required to provide more than just personally identifiable information to verify their identity. Their voice must also match the voiceprint of the claimed identity. Hence, while cybercriminals may be able to impersonate their victims by answering questions correctly, EVA Voice Biometrics will be able to pick up if the person is the true claimed identity or not. This adds an extra layer of security, especially for victims of cyber attacks whose data has been compromised.

The big takeaway is that organizations should not solely rely on a person’s name, date of birth, address, and phone number to verify customer identity. Adding voice biometrics identity verification, either as a replacement or as an additional verification step, helps improve the security and integrity of an organization’s cybersecurity system.