The Department of Human Services (DHS) believes the Medicare card details of at least 165 Australians may have been compromised on the dark web, a number far higher than previously disclosed.
In July it was revealed that the Medicare card details of any Australian was available for purchase on a popular Dark Web site for US$22.
The vendor on the site claimed to be "exploiting a vulnerability" in a government service and said they could provide the personal Medicare card details of any Australian on request, once a full name and date of birth had been supplied. They said they had sold the card details of approximately 75 Australians via the site.
A Senate inquiry is currently underway to examine the circumstances of the breach. On Friday at a public hearing, a DHS deputy secretary, Caroline Edwards, said in response to questioning from Greens leader Richard Di Natale, that the department had contacted 165 people it believed may have in some way been linked to the sale of the cards on the Dark Web.
"Of all of that activity in 165 cases it’s potentially possible there might have been some access to the Medicare number in this incident," Edwards said.
Edwards declined to answer any more specific questions about the circumstances of the breach, due to an ongoing Australian Federal Police investigation.
But she did confirm that all attempts to access individual Medicare card records were logged in the department's online system.
"We have audit records of all legitimate access through our online channels...for accessing medical numbers for legitimate purposes," she said.
“We have an audit log of the 10.2 million transactions per year of which person accesses it.”
Her comments indicate the DHS has been able to determine the individual account that accessed the Medicare card details sold on the dark web.
The inquiry is due to report at the end of October.
Paul Farrell is a senior reporter for BuzzFeed News and is based in Sydney.
Contact Paul Farrell at email@example.com.
Got a confidential tip? Submit it here.