Medicare details of all Australians for sale on dark web
The federal government is investigating claims that the Medicare details of any Australian are up for sale on the dark web for the equivalent of around $30 each.
A Guardian Australia investigation found that a vendor on the dark web claims to be able to supply Medicare card details on request if supplied with a card owner’s name and date of birth.
The listing claims the seller is able to exploit a vulnerability in a government system to secure the card details — a vulnerability which has a solid foundation and is “here to stay”. The vendor has sold at least 75 details since October last year. The price for each target is 0.0089 bitcoins, worth around $30.
The Guardian tested the veracity of the listing by purchasing the Medicare details including card number and personal IRN of one of its staff and confirmed that these details are accurate.
Medicare card details could potentially be used for identity theft or in rebate claim scams. But Minister for Human Services Alan Tudge downplayed the significance of the incident.
“I have received assurance that the information obtained by the journalist was not sufficient to access any personal health record. The only information claimed to be supplied by the site was the Medicare card number. The journalist was asked to provide his own name and date of birth in order to obtain the Medicare card number,” he said in a statement.
Tudge added that the government is taking the report seriously, is investigating the claims and has referred the incident to the AFP.
“Any apparent unauthorised access to Medicare card numbers is nevertheless of great concern. I cannot comment on cyber operations; however, I confirm that investigations into activities on the dark web occur continually,” he said.
“The security of personal data is an extremely serious matter. Thorough investigations are conducted whenever claims such as this are made.”
Acting Opposition Leader Tanya Plibersek demanded answers about what she called the “internet catastrophe”. She said it is critical for the government to immediately explain how many records have been breached, as well as when it found out that the security risk was occurring and what the government is doing to notify victims.
More informed, higher quality and faster decisions can be made when data is presented properly at...
The Local Government Association of Queensland has previewed LG Sherlock, a planned data...
Most US agencies are not even attempting to meet legislated requirements for consolidating and...