SDC Rewards Member Upgrade yours now
The Conversation

The Conversation

Moderator
Staff member
Jun 15, 2022
1,024
1,997
113
I’ve Given Out My Medicare Number. How Worried Should I Be About The Latest Optus Data Breach?

Medicare card numbers are the latest personal details to be exposed as part of the Optus data breach.

Optus has confirmed this affects 14,900 valid Medicare numbers that have not expired, and a further 22,000 expired card numbers.

But this isn’t the first time Australians’ Medicare numbers have been exposed. And some privacy and cybersecurity experts have long been concerned about the security of our health data.

Here’s what you can do if you’re concerned about the latest Medicare breach, and what needs to happen next.



What’s the big deal?​

Your Medicare number gives you access to subsidised services across Australia’s health system. Most Australians have a number, whether or not they use these services.

Your Medicare card (as a plastic card or digitally, on your phone) is an official identifier. So alongside a driver’s licence, tax file number, birth certificate and passport, it can also be used as “proof of identity”. You may have supplied your Medicare number when opening a bank account, or signing up for a phone plan.

The idea is to minimise the chance people are using fake identities to wrongfully gain benefits from governments and business, including taking part in criminal activities such as money laundering.



Businesses and agencies are not meant to match your Medicare number with other data (eroding your privacy) other than in exceptional circumstances.

But they commonly accept sight of the physical/digital card bearing the number as proof of who you claim to be and risk data breaches by retaining copies of what they saw. Optus was such a business.

What should happen to protect your Medicare number?​

In theory, your Medicare number is protected by a number of different types of legislation – both national and at the state/territory level.

There are privacy laws. These are meant to prevent businesses and government agencies from unauthorised use of Medicare and other official identifiers for profiling people. These laws are also meant to prevent undisclosed sharing with other entities, such as individuals or businesses.

Then there are cybersecurity and other criminal laws. These also aim to prevent unauthorised access, sale and sharing of your Medicare number and other data (known as metadata) stored by telecommunication providers.

Has this happened before?​

Medicare numbers have been breached before, in 2017. An official inquirynoted trade in stolen Medicare numbers on the dark web.

The 2017 breach was apparently much larger, but the Optus numbers may grow as the investigation continues.

Experts have also raised concern about the government’s authorised release in 2016 of apparently de-identified health data. In fact, patient details could be identified, using a number of simple steps.

These two earlier examples should have meant both health agencies and businesses have taken extra care about their obligations to safeguard health data.




What if your Medicare number has been exposed?​

Unauthorised use of a Medicare number doesn’t necessarily result in large-scale identity crime.

For instance, Minister for Government Services Bill Shorten has said a Medicare number alone cannot unlock access to someone’s myGov account (and therefore access to someone’s welfare or tax details).

However, the Optus data breach – and future data breaches in the public and private sector – does provide Australian and overseas criminals with a set of identifiers (including passport and driver’s licence numbers), that can be used for a range of identity crimes, such as impersonating someone else.

Optus is advising affected customers to replace their Medicare card, at no cost, via their Medicare online account at myGov, the Express Plus Medicare mobile app, or by calling Medicare on 132 011.

Further details are available via Services Australia.



What else needs to happen?​

As with many data breaches, details about what happened at Optus, how and who is affected are only slowly trickling out.

The Office of the Australian Information Commission – the national privacy regulator – needs to run a rigorous and detailed investigation and release its findings publicly.

This needs to be accompanied by a hard-hitting independent inquiry of what happened at Optus. This requires IT expertise, which the Office of the Australian Information Commission may not have. Such an inquiry would also demonstrate Optus’ commitment to learn from any failures.



As we have seen before, businesses and government agencies cannot assume a data breach “won’t happen to them”. We need to find out what happened at Optus to ensure the future privacy of some of our most personal data.

This article was first published on The Conversation, and was written by Bruce Baer, Arnold Associate Professor, School of Law, University of Canberra
 
Medicare card numbers are the latest personal details to be exposed as part of the Optus data breach.

Optus has confirmed this affects 14,900 valid Medicare numbers that have not expired, and a further 22,000 expired card numbers.

But this isn’t the first time Australians’ Medicare numbers have been exposed. And some privacy and cybersecurity experts have long been concerned about the security of our health data.

Here’s what you can do if you’re concerned about the latest Medicare breach, and what needs to happen next.



What’s the big deal?​

Your Medicare number gives you access to subsidised services across Australia’s health system. Most Australians have a number, whether or not they use these services.

Your Medicare card (as a plastic card or digitally, on your phone) is an official identifier. So alongside a driver’s licence, tax file number, birth certificate and passport, it can also be used as “proof of identity”. You may have supplied your Medicare number when opening a bank account, or signing up for a phone plan.

The idea is to minimise the chance people are using fake identities to wrongfully gain benefits from governments and business, including taking part in criminal activities such as money laundering.



Businesses and agencies are not meant to match your Medicare number with other data (eroding your privacy) other than in exceptional circumstances.

But they commonly accept sight of the physical/digital card bearing the number as proof of who you claim to be and risk data breaches by retaining copies of what they saw. Optus was such a business.

What should happen to protect your Medicare number?​

In theory, your Medicare number is protected by a number of different types of legislation – both national and at the state/territory level.

There are privacy laws. These are meant to prevent businesses and government agencies from unauthorised use of Medicare and other official identifiers for profiling people. These laws are also meant to prevent undisclosed sharing with other entities, such as individuals or businesses.

Then there are cybersecurity and other criminal laws. These also aim to prevent unauthorised access, sale and sharing of your Medicare number and other data (known as metadata) stored by telecommunication providers.

Has this happened before?​

Medicare numbers have been breached before, in 2017. An official inquirynoted trade in stolen Medicare numbers on the dark web.

The 2017 breach was apparently much larger, but the Optus numbers may grow as the investigation continues.

Experts have also raised concern about the government’s authorised release in 2016 of apparently de-identified health data. In fact, patient details could be identified, using a number of simple steps.

These two earlier examples should have meant both health agencies and businesses have taken extra care about their obligations to safeguard health data.




What if your Medicare number has been exposed?​

Unauthorised use of a Medicare number doesn’t necessarily result in large-scale identity crime.

For instance, Minister for Government Services Bill Shorten has said a Medicare number alone cannot unlock access to someone’s myGov account (and therefore access to someone’s welfare or tax details).

However, the Optus data breach – and future data breaches in the public and private sector – does provide Australian and overseas criminals with a set of identifiers (including passport and driver’s licence numbers), that can be used for a range of identity crimes, such as impersonating someone else.

Optus is advising affected customers to replace their Medicare card, at no cost, via their Medicare online account at myGov, the Express Plus Medicare mobile app, or by calling Medicare on 132 011.

Further details are available via Services Australia.



What else needs to happen?​

As with many data breaches, details about what happened at Optus, how and who is affected are only slowly trickling out.

The Office of the Australian Information Commission – the national privacy regulator – needs to run a rigorous and detailed investigation and release its findings publicly.

This needs to be accompanied by a hard-hitting independent inquiry of what happened at Optus. This requires IT expertise, which the Office of the Australian Information Commission may not have. Such an inquiry would also demonstrate Optus’ commitment to learn from any failures.



As we have seen before, businesses and government agencies cannot assume a data breach “won’t happen to them”. We need to find out what happened at Optus to ensure the future privacy of some of our most personal data.

This article was first published on The Conversation, and was written by Bruce Baer, Arnold Associate Professor, School of Law, University of Canberra
When the Optus data breach was first announced I received an email from Optus. Now, I haven’t been with Optus since 2000 does this mean they have kept my personal information all this time ??? Isn’t there a law against this, do any members know ??
 
Medicare card numbers are the latest personal details to be exposed as part of the Optus data breach.

Optus has confirmed this affects 14,900 valid Medicare numbers that have not expired, and a further 22,000 expired card numbers.

But this isn’t the first time Australians’ Medicare numbers have been exposed. And some privacy and cybersecurity experts have long been concerned about the security of our health data.

Here’s what you can do if you’re concerned about the latest Medicare breach, and what needs to happen next.



What’s the big deal?​

Your Medicare number gives you access to subsidised services across Australia’s health system. Most Australians have a number, whether or not they use these services.

Your Medicare card (as a plastic card or digitally, on your phone) is an official identifier. So alongside a driver’s licence, tax file number, birth certificate and passport, it can also be used as “proof of identity”. You may have supplied your Medicare number when opening a bank account, or signing up for a phone plan.

The idea is to minimise the chance people are using fake identities to wrongfully gain benefits from governments and business, including taking part in criminal activities such as money laundering.



Businesses and agencies are not meant to match your Medicare number with other data (eroding your privacy) other than in exceptional circumstances.

But they commonly accept sight of the physical/digital card bearing the number as proof of who you claim to be and risk data breaches by retaining copies of what they saw. Optus was such a business.

What should happen to protect your Medicare number?​

In theory, your Medicare number is protected by a number of different types of legislation – both national and at the state/territory level.

There are privacy laws. These are meant to prevent businesses and government agencies from unauthorised use of Medicare and other official identifiers for profiling people. These laws are also meant to prevent undisclosed sharing with other entities, such as individuals or businesses.

Then there are cybersecurity and other criminal laws. These also aim to prevent unauthorised access, sale and sharing of your Medicare number and other data (known as metadata) stored by telecommunication providers.

Has this happened before?​

Medicare numbers have been breached before, in 2017. An official inquirynoted trade in stolen Medicare numbers on the dark web.

The 2017 breach was apparently much larger, but the Optus numbers may grow as the investigation continues.

Experts have also raised concern about the government’s authorised release in 2016 of apparently de-identified health data. In fact, patient details could be identified, using a number of simple steps.

These two earlier examples should have meant both health agencies and businesses have taken extra care about their obligations to safeguard health data.




What if your Medicare number has been exposed?​

Unauthorised use of a Medicare number doesn’t necessarily result in large-scale identity crime.

For instance, Minister for Government Services Bill Shorten has said a Medicare number alone cannot unlock access to someone’s myGov account (and therefore access to someone’s welfare or tax details).

However, the Optus data breach – and future data breaches in the public and private sector – does provide Australian and overseas criminals with a set of identifiers (including passport and driver’s licence numbers), that can be used for a range of identity crimes, such as impersonating someone else.

Optus is advising affected customers to replace their Medicare card, at no cost, via their Medicare online account at myGov, the Express Plus Medicare mobile app, or by calling Medicare on 132 011.

Further details are available via Services Australia.



What else needs to happen?​

As with many data breaches, details about what happened at Optus, how and who is affected are only slowly trickling out.

The Office of the Australian Information Commission – the national privacy regulator – needs to run a rigorous and detailed investigation and release its findings publicly.

This needs to be accompanied by a hard-hitting independent inquiry of what happened at Optus. This requires IT expertise, which the Office of the Australian Information Commission may not have. Such an inquiry would also demonstrate Optus’ commitment to learn from any failures.



As we have seen before, businesses and government agencies cannot assume a data breach “won’t happen to them”. We need to find out what happened at Optus to ensure the future privacy of some of our most personal data.

This article was first published on The Conversation, and was written by Bruce Baer, Arnold Associate Professor, School of Law, University of Canberra
I only got notified yesterday of my licence being leaked with the information, previously I had been told by the optus shop in Townsville I need not worry as my account had been originally set up in NSW and that licence has since been cancelled as I have moved to QLD, now I get an email telling me my QLD licence was compromised, How did they get my QLD Licence on board, I have never given to them.
 
  • Like
  • Sad
Reactions: Ezzy and barbaranne
No organisation should be allowed to keep our personal details; but they do and the government turns a blind eye and is totally unconcerned.

If our government even gave a miscule amount of consideration, about our security, they wouldn't be pushing the digital ID, which would compromise our security and safety, even more and as the government's failed miserably, in controlling cyber hacking and identity theft, they have absolutely no business pushing their Digital ID, as it'll result in more court cases against negligent companies or perhaps the government's thinking of granting all government departments and businesses, collecting sensitive information, total immunity, which would deter everyone from suing?
 
Medicare card numbers are the latest personal details to be exposed as part of the Optus data breach.

Optus has confirmed this affects 14,900 valid Medicare numbers that have not expired, and a further 22,000 expired card numbers.

But this isn’t the first time Australians’ Medicare numbers have been exposed. And some privacy and cybersecurity experts have long been concerned about the security of our health data.

Here’s what you can do if you’re concerned about the latest Medicare breach, and what needs to happen next.



What’s the big deal?​

Your Medicare number gives you access to subsidised services across Australia’s health system. Most Australians have a number, whether or not they use these services.

Your Medicare card (as a plastic card or digitally, on your phone) is an official identifier. So alongside a driver’s licence, tax file number, birth certificate and passport, it can also be used as “proof of identity”. You may have supplied your Medicare number when opening a bank account, or signing up for a phone plan.

The idea is to minimise the chance people are using fake identities to wrongfully gain benefits from governments and business, including taking part in criminal activities such as money laundering.



Businesses and agencies are not meant to match your Medicare number with other data (eroding your privacy) other than in exceptional circumstances.

But they commonly accept sight of the physical/digital card bearing the number as proof of who you claim to be and risk data breaches by retaining copies of what they saw. Optus was such a business.

What should happen to protect your Medicare number?​

In theory, your Medicare number is protected by a number of different types of legislation – both national and at the state/territory level.

There are privacy laws. These are meant to prevent businesses and government agencies from unauthorised use of Medicare and other official identifiers for profiling people. These laws are also meant to prevent undisclosed sharing with other entities, such as individuals or businesses.

Then there are cybersecurity and other criminal laws. These also aim to prevent unauthorised access, sale and sharing of your Medicare number and other data (known as metadata) stored by telecommunication providers.

Has this happened before?​

Medicare numbers have been breached before, in 2017. An official inquirynoted trade in stolen Medicare numbers on the dark web.

The 2017 breach was apparently much larger, but the Optus numbers may grow as the investigation continues.

Experts have also raised concern about the government’s authorised release in 2016 of apparently de-identified health data. In fact, patient details could be identified, using a number of simple steps.

These two earlier examples should have meant both health agencies and businesses have taken extra care about their obligations to safeguard health data.




What if your Medicare number has been exposed?​

Unauthorised use of a Medicare number doesn’t necessarily result in large-scale identity crime.

For instance, Minister for Government Services Bill Shorten has said a Medicare number alone cannot unlock access to someone’s myGov account (and therefore access to someone’s welfare or tax details).

However, the Optus data breach – and future data breaches in the public and private sector – does provide Australian and overseas criminals with a set of identifiers (including passport and driver’s licence numbers), that can be used for a range of identity crimes, such as impersonating someone else.

Optus is advising affected customers to replace their Medicare card, at no cost, via their Medicare online account at myGov, the Express Plus Medicare mobile app, or by calling Medicare on 132 011.

Further details are available via Services Australia.



What else needs to happen?​

As with many data breaches, details about what happened at Optus, how and who is affected are only slowly trickling out.

The Office of the Australian Information Commission – the national privacy regulator – needs to run a rigorous and detailed investigation and release its findings publicly.

This needs to be accompanied by a hard-hitting independent inquiry of what happened at Optus. This requires IT expertise, which the Office of the Australian Information Commission may not have. Such an inquiry would also demonstrate Optus’ commitment to learn from any failures.



As we have seen before, businesses and government agencies cannot assume a data breach “won’t happen to them”. We need to find out what happened at Optus to ensure the future privacy of some of our most personal data.

This article was first published on The Conversation, and was written by Bruce Baer, Arnold Associate Professor, School of Law, University of Canberra
HOW DO WE KNOW IF OUR NUMBER HAS BEEN ILLEGALLY USED?
 
  • Like
Reactions: Ezzy and barbaranne
Another fuss about nothing. :rolleyes: Nothing will happen with this. Not even worth worrying about.

I was informed my driving license number was allegedly compromised and should be replaced, then a week later was told as NSW had already upgraded their security with licences it doesn't need to be replaced. I wasn't going to anyway. I'll wait to see if anything happens with this.

All this happenes to big companies nearly every day. Sometimes the idiots manage to get through companies IT security like they have this time.
 
No organisation should be allowed to keep our personal details; but they do and the government turns a blind eye and is totally unconcerned.

If our government even gave a miscule amount of consideration, about our security, they wouldn't be pushing the digital ID, which would compromise our security and safety, even more and as the government's failed miserably, in controlling cyber hacking and identity theft, they have absolutely no business pushing their Digital ID, as it'll result in more court cases against negligent companies or perhaps the government's thinking of granting all government departments and businesses, collecting sensitive information, total immunity, which would deter everyone from suing?
You're right. It is in the government's and big business interest to push digital ID as it will further erode our freedom and privacy. Reward cards are a great example. Do you really think that they give you something for nothing? The value in the rewards card are the data they collect about your shopping habits and when using digital money, such as credit/debit cards, your spending habits.
Why do you think you get targeted advertising? These data collection agencies that include social media know more about you then you think.
 
  • Like
Reactions: Ezzy and barbaranne

Join the conversation

News, deals, games, and bargains for Aussies over 60. From everyday expenses like groceries and eating out, to electronics, fashion and travel, the club is all about helping you make your money go further.

Seniors Discount Club

The SDC searches for the best deals, discounts, and bargains for Aussies over 60. From everyday expenses like groceries and eating out, to electronics, fashion and travel, the club is all about helping you make your money go further.
  1. New members
  2. Jokes & fun
  3. Photography
  4. Nostalgia / Yesterday's Australia
  5. Food and Lifestyle
  6. Money Saving Hacks
  7. Offtopic / Everything else

Latest Articles

  • We believe that retirement should be a time to relax and enjoy life, not worry about money. That's why we're here to help our members make the most of their retirement years. If you're over 60 and looking for ways to save money, connect with others, and have a laugh, we’d love to have you aboard.
  • Advertise with us

User Menu

Enjoyed Reading our Story?

  • Share this forum to your loved ones.
Change Weather Postcode×
Change Petrol Postcode×