Medibank’s lack of multi-factor authentication allowed hackers to infiltrate systems, regulator alleges

Court documents allege insurer's network was configured so that only a username and password was required to gain access

• Follow our Australia news live blog for latest updates
• Get our morning and afternoon news emails, free app or daily news podcast

Medibank's failure to require its workers to use multi-factor authentication is what allowed hackers to obtain the personal information of its customers, the Australian privacy regulator alleges in new court documents.

The hack on Medibank resulted in the personal details of 9.7 million current and former customers - including 5.1 million Medibank customers, 2.8 million ahm customers and 1.8 million international customers - being published on the dark web.