The federal government minister in charge of Australia's Medicare program has sought to downplay security concerns around Medicare card data being stolen and sold online.
The Guardian this morning revealed that personal Medicare details were on offer for less than $30 each on a dark web site known for trading illegal products.
It reported that the trader was able to access the data "on request" by exploiting a vulnerability on a government system.
The so-called "Medicare Machine" asks for 0.0089 bitcoin - or around A$29 - per record, and has reportedly sold around 75 individual records so far.
iTnews has confirmed the legitimacy of the Guardian report.
The data is of interest to criminals who could use it to defraud the government of Medicare rebates, or use the card data as part of 100 ID point checks.
But Human Services minister Alan Tudge downplayed the privacy breach, pointing out that health record details were not accessible.
"The only information claimed to be supplied was the Medicare card number," Tudge said in a statement.
The department has regardless referred the matter to the Australian Federal Police.
Tudge did not comment further on the specific claims, saying only that the government was committed to cyber security as a priority and investigation on dark web activities occured continually.
In contrast, assistant minister to the treasurer, Michael Sukkar, told Sky News this morning the report was "extremely concerning",
"We take extraordinarily seriously the data that we hold ... in order to service [individuals] through government programs," Sukkar said.
"It's very alarming to me that any of that data is finding its way into the hands of those that shouldn't have it."
He said cases like this would be "ongoing issues as more and more of our information is collected and stored online".
"Governments are going to have to be much better at protecting this data," Sukkar said.
"We will do absolutely everything possible to protect that data and if it means more work and more upgrades to our systems that's what the government will do."
The Guardian report quoted the trader as saying the exploited vulnerability has a "solid foundation" that is fast and easy and will be "here to stay".
It is unclear how the trader has been able to obtain the details. The Department of Health and Department of Human Services both manage elements of the Medicare program.
Update: Tudge later in the day claimed there had been no breach of DHS systems and the matter was more likely to have been perpetrated by "traditional criminals".
