This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/australia-news/2017/jul/04/federal-police-asked-to-investigate-darkweb-sale-of-medicare-data

The article has changed 7 times. There is an RSS feed of changes available.

Version 2 Version 3
Federal police asked to investigate darknet sale of Medicare data Darknet sale of Medicare data 'traditional criminal activity', minister says
(about 2 hours later)
The human services minister, Alan Tudge, has asked Australian federal police to investigate the sale of Medicare card details on a darknet auction site. The human services minister, Alan Tudge, has sought to downplay the sale of any Australians’ Medicare details by a darknet vendor after facing heavy pressure from the opposition and privacy groups.
On Tuesday the Guardian revealed that a darknet trader is illegally selling the Medicare details of any Australian on request by “exploiting a vulnerability” in a government system, raising concerns that the health agency may be seriously compromised.On Tuesday the Guardian revealed that a darknet trader is illegally selling the Medicare details of any Australian on request by “exploiting a vulnerability” in a government system, raising concerns that the health agency may be seriously compromised.
The Guardian verified the data was genuine by requesting a Guardian staff member’s Medicare card details from the seller.The Guardian verified the data was genuine by requesting a Guardian staff member’s Medicare card details from the seller.
“Claims made in the Guardian newspaper that Medicare card numbers are able to be purchased on the dark web are being taken seriously by the government and are under investigation,” Tudge said on Tuesday. Tudge initially said he referred the matter to the Australian federal police for investigation but has faced mounting pressure from the Labor opposition over the seriousness of the breach.
“These claims have also been referred to the Australian federal police. In a later press conference on Tuesday, Tudge said: “The advice I have received from the chief information officer in my department is that there has not been a cyber security breach of our systems as such but rather it is more likely to have been a traditional criminal activity”.
“The Department of Human Services receives ongoing advice and assurance regarding its cyber security capabilities from the Australian Signals Directorate, the nation’s top cyber security agency.” He declined to answer questions about the details of the breach but confirmed that he and his department only became aware of the sale of Medicare data which has been available since October 2016 and has sold 75 Australians’ personal data when contacted by the Guardian on Monday.
The statement suggests the Department of Human Services was not aware of the sale of Medicare data until contacted by the Guardian, which has chosen not to disclose the details of the auction site or seller. The Guardian has chosen not to disclose the details of the auction site or seller.
Catherine King, the shadow minister for human services, and Linda Burney, the shadow minister for human services, said the breach was “incomprehensible”.
“The revelation that Australians’ Medicare identities are available for purchase on the darkweb is incomprehensible. But equally disturbing is the Turnbull government’s incompetent response,” they said in a joint statement.
“The government’s attempt to dodge questions on this simply isn’t good enough – the lack of information on this serious security breach is pathetic and Australians deserve better.”
The investigation is likely to draw further attention to Australia’s cyber security defences. Several government agencies have faced criticism from the Australian National Audit Office over their handling of sensitive information. Experts have frequently warned that Australia has a skills shortage in technical cybersecurity that could be placing data at risk.The investigation is likely to draw further attention to Australia’s cyber security defences. Several government agencies have faced criticism from the Australian National Audit Office over their handling of sensitive information. Experts have frequently warned that Australia has a skills shortage in technical cybersecurity that could be placing data at risk.
The Labor MP Tim Watts said the case raised concerns about the department’s monitoring of darknet sites.The Labor MP Tim Watts said the case raised concerns about the department’s monitoring of darknet sites.
“A ‘no comment’ from DHS isn’t good enough at this point either. Prima facie evidence of an exploit exposing this data demands explanation,” he said on Twitter.“A ‘no comment’ from DHS isn’t good enough at this point either. Prima facie evidence of an exploit exposing this data demands explanation,” he said on Twitter.
Banks et al often pay private infosec firms to monitor markets like this for their data. Does .gov.au do similar assurance for its datasets? https://t.co/yToExCkvEyBanks et al often pay private infosec firms to monitor markets like this for their data. Does .gov.au do similar assurance for its datasets? https://t.co/yToExCkvEy
Government agencies commonly monitor websites where criminal groups sell personal information to determine whether their data has been compromised.Government agencies commonly monitor websites where criminal groups sell personal information to determine whether their data has been compromised.
The minister said the information for sale “was not sufficient to access any personal health record”.The minister said the information for sale “was not sufficient to access any personal health record”.
But the primary concern about the disclosure of Medicare card details is their value to organised crime groups because they allow them to produce fake physical Medicare cards with legitimate information that can then be used for identification fraud. These cards have been used by drug syndicates to buy goods and lease or buy property or cars.But the primary concern about the disclosure of Medicare card details is their value to organised crime groups because they allow them to produce fake physical Medicare cards with legitimate information that can then be used for identification fraud. These cards have been used by drug syndicates to buy goods and lease or buy property or cars.
The assistant treasurer, Michael Sukkar, told Sky News the breach was “extremely concerning”.The assistant treasurer, Michael Sukkar, told Sky News the breach was “extremely concerning”.
“It’s very alarming to me if any of that data is finding its way into hands that it shouldn’t be,” he said. “This is going to be an ongoing issue as more and more of our information ultimately is collected and stored online. Governments are going to have to be much better at protecting that data.”“It’s very alarming to me if any of that data is finding its way into hands that it shouldn’t be,” he said. “This is going to be an ongoing issue as more and more of our information ultimately is collected and stored online. Governments are going to have to be much better at protecting that data.”
The Labor frontbencher Brendan O’Connor told Sky News the government had a lot of explaining to do.The Labor frontbencher Brendan O’Connor told Sky News the government had a lot of explaining to do.
“People are rendering up, yielding their personal information to government agencies and they don’t expect them to invaded or accessed so easily as this would suggest,” he said.“People are rendering up, yielding their personal information to government agencies and they don’t expect them to invaded or accessed so easily as this would suggest,” he said.
“There is a lot of explaining to do, and there needs to be some accountability now by the minister and some explanation as to the extent and nature of the breach and what the government will do about it.”“There is a lot of explaining to do, and there needs to be some accountability now by the minister and some explanation as to the extent and nature of the breach and what the government will do about it.”
The executive officer of Electronic Frontiers Australia, Jon Lawrence, said regular data breaches had undermined the public’s trust in government agencies.The executive officer of Electronic Frontiers Australia, Jon Lawrence, said regular data breaches had undermined the public’s trust in government agencies.
“This breach is particularly concerning as the government is working to implement a system of mandatory electronic health records,” Lawrence said. “If core identity-related information such as Medicare numbers can’t be effectively protected, the government should be seriously reconsidering its decision to mandate the creation of electronic health records for the entire population.“This breach is particularly concerning as the government is working to implement a system of mandatory electronic health records,” Lawrence said. “If core identity-related information such as Medicare numbers can’t be effectively protected, the government should be seriously reconsidering its decision to mandate the creation of electronic health records for the entire population.
“Information security and privacy need to be fundamental, core priorities for all government agencies. There is unfortunately a great deal of evidence to suggest that this is not yet the case.”“Information security and privacy need to be fundamental, core priorities for all government agencies. There is unfortunately a great deal of evidence to suggest that this is not yet the case.”