A trader on the darknet is illegally selling the Medicare patient records of Australians after spotting a vulnerability in a government database.
An investigation by Guardian Australia has revealed a darknet vendor on a popular marketplace for illegal products claiming to access any Australian’s Medicare card details, on request.
“Purchase this listing and leave the first and last name, and DOB of any Australian citizen, and you will receive their Medicare patient details in full,” the listing reads.
Australian Medicare cards have been used in the past by drug syndicates to buy goods and have also been abused to defraud the government of Medicare rebates. They are particularly valuable to organized crime groups as they can be used to produce faux physical Medicare cards with legitimate information, ultimately leading to identity fraud.
Calling the service “the Medicare machine”, this particular darknet vendor has sold at least 75 Australians’ Medicare card details since October 2016. The cost for purchasing an Australian Medicare card? A relatively measly 0.0089 bitcoins, about $22.
The darknet vendor claims to be “exploiting a vulnerability which has a much more sold foundation which means not only will it be a lot faster and easier for myself, but it will be here to stay. I hope, lol.”
Upon requesting the data of a Guardian staff member, the investigation confirmed the legitimacy of the Medicare details stolen by the darknet vendor upon verification.
It is highlight likely that the vendor is accessing Medicare records in real-time, as per the claim of “exploiting a vulnerability” in a present
The publication has made a number of authorities – the Department of Health and the Australian Federal Police – aware of the breach. A spokesperson for the Department of Human Services confirmed that the agency was working with other government agencies to investigate the sale of Medicare records. Notably, the spokesperson added that investigations into “activities on the dark web continually occur.”
She further stated:
The Department takes the security of personal data extremely seriously. Thorough investigations are conducted whenever claims such as this are made.
Image credit: Pixabay.