This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/australia-news/2017/jul/04/federal-police-asked-to-investigate-darkweb-sale-of-medicare-data

The article has changed 7 times. There is an RSS feed of changes available.

Version 0 Version 1
Federal police asked to investigate darkweb sale of Medicare data Federal police asked to investigate darknet sale of Medicare data
(about 1 hour later)
The human services minister, Alan Tudge, has asked Australian federal police to investigate the sale of Medicare card details on a darkweb auction site. The human services minister, Alan Tudge, has asked Australian federal police to investigate the sale of Medicare card details on a darknet auction site.
On Tuesday the Guardian revealed that a darknet trader is illegally selling the Medicare details of any Australian on request by “exploiting a vulnerability” in a government system, raising concerns that the health agency may be seriously compromised.On Tuesday the Guardian revealed that a darknet trader is illegally selling the Medicare details of any Australian on request by “exploiting a vulnerability” in a government system, raising concerns that the health agency may be seriously compromised.
The Guardian verified the data was genuine by requesting a Guardian staff member’s Medicare card details from the seller.The Guardian verified the data was genuine by requesting a Guardian staff member’s Medicare card details from the seller.
“Claims made in the Guardian newspaper that Medicare card numbers are able to be purchased on the dark web are being taken seriously by the government and are under investigation,” Tudge said on Tuesday.“Claims made in the Guardian newspaper that Medicare card numbers are able to be purchased on the dark web are being taken seriously by the government and are under investigation,” Tudge said on Tuesday.
“These claims have also been referred to the Australian federal police.“These claims have also been referred to the Australian federal police.
“The Department of Human Services receives ongoing advice and assurance regarding its cyber security capabilities from the Australian Signals Directorate, the nation’s top cyber security agency.”“The Department of Human Services receives ongoing advice and assurance regarding its cyber security capabilities from the Australian Signals Directorate, the nation’s top cyber security agency.”
The statement suggests the Department of Human Services was not aware of the sale of Medicare data until contacted by the Guardian, which has chosen not to disclose the details of the auction site or seller.The statement suggests the Department of Human Services was not aware of the sale of Medicare data until contacted by the Guardian, which has chosen not to disclose the details of the auction site or seller.
The investigation is likely to draw further attention to Australia’s cyber security defences. Several government agencies have faced criticism from the Australian National Audit Office over their handling of sensitive information. Experts have frequently warned that Australia has a skills shortage in technical cybersecurity that could be placing data at risk.The investigation is likely to draw further attention to Australia’s cyber security defences. Several government agencies have faced criticism from the Australian National Audit Office over their handling of sensitive information. Experts have frequently warned that Australia has a skills shortage in technical cybersecurity that could be placing data at risk.
The Labor MP Tim Watts said the case raised concerns about the department’s monitoring of darkweb sites. The Labor MP Tim Watts said the case raised concerns about the department’s monitoring of darknet sites.
“A ‘no comment’ from DHS isn’t good enough at this point either. Prima facie evidence of an exploit exposing this data demands explanation,” he said on Twitter.“A ‘no comment’ from DHS isn’t good enough at this point either. Prima facie evidence of an exploit exposing this data demands explanation,” he said on Twitter.
Banks et al often pay private infosec firms to monitor markets like this for their data. Does .gov.au do similar assurance for its datasets? https://t.co/yToExCkvEyBanks et al often pay private infosec firms to monitor markets like this for their data. Does .gov.au do similar assurance for its datasets? https://t.co/yToExCkvEy
Government agencies commonly monitor websites where criminal groups sell personal information to determine whether their data has been compromised.Government agencies commonly monitor websites where criminal groups sell personal information to determine whether their data has been compromised.
The minister said the information for sale “was not sufficient to access any personal health record”.The minister said the information for sale “was not sufficient to access any personal health record”.
But the primary concern about the disclosure of Medicare card details is their value to organised crime groups because they allow them to produce fake physical Medicare cards with legitimate information that can then be used for identification fraud. These cards have been used by drug syndicates to buy goods and lease or buy property or cars.But the primary concern about the disclosure of Medicare card details is their value to organised crime groups because they allow them to produce fake physical Medicare cards with legitimate information that can then be used for identification fraud. These cards have been used by drug syndicates to buy goods and lease or buy property or cars.
The assistant treasurer, Michael Sukkar, told Sky TV the breach was “extremely concerning”.The assistant treasurer, Michael Sukkar, told Sky TV the breach was “extremely concerning”.
“It’s very alarming to me if any of that data is finding its way into hands that it shouldn’t be,” he said. “This is going to be an ongoing issue as more and more of our information ultimately is collected and stored online. Governments are going to have to be much better at protecting that data.”“It’s very alarming to me if any of that data is finding its way into hands that it shouldn’t be,” he said. “This is going to be an ongoing issue as more and more of our information ultimately is collected and stored online. Governments are going to have to be much better at protecting that data.”
The Labor frontbencher Brendan O’Connor told Sky News the government had a lot of explaining to do.The Labor frontbencher Brendan O’Connor told Sky News the government had a lot of explaining to do.
“People are rendering up, yielding their personal information to government agencies and they don’t expect them to invaded or accessed so easily as this would suggest,” he said.“People are rendering up, yielding their personal information to government agencies and they don’t expect them to invaded or accessed so easily as this would suggest,” he said.
“There is a lot of explaining to do, and there needs to be some accountability now by the minister and some explanation as to the extent and nature of the breach and what the government will do about it.”“There is a lot of explaining to do, and there needs to be some accountability now by the minister and some explanation as to the extent and nature of the breach and what the government will do about it.”
The executive officer of Electronic Frontiers Australia, Jon Lawrence, said regular data breaches had undermined the public’s trust in government agencies.
“This breach is particularly concerning as the government is working to implement a system of mandatory electronic health records,” Lawrence said. “If core identity-related information such as Medicare numbers can’t be effectively protected, the government should be seriously reconsidering its decision to mandate the creation of electronic health records for the entire population.
“Information security and privacy need to be fundamental, core priorities for all government agencies. There is unfortunately a great deal of evidence to suggest that this is not yet the case.”