The Claim
“Lied about when they found out about the sale of Medicare data on the black market.”
Original Sources Provided
✅ FACTUAL VERIFICATION
The claim relates to the 2017 Medicare data breach, where personal Medicare details were discovered being sold on the dark web. The core factual issue is whether government officials misrepresented the timing of when they discovered the breach.
Timeline of Events:
The Guardian first publicly revealed on July 4, 2017, that Medicare numbers were being sold on the dark web [1]. However, internal Department of Human Services (DHS) emails obtained under freedom of information laws reveal that senior DHS officials discussed the illicit sale of Medicare details on the dark net as early as June 22, 2017 - nearly two weeks before the public revelation [2].
According to The New Daily's reporting, on June 22, Rhonda Morris (national manager for serious non-compliance) raised the issue with Kate Buggy (national manager for internal fraud control and investigations) and Mark Withnell (general manager of business integrity), among other unnamed officials [2]. In a subsequent July 3 email, Mr. Withnell apparently connected The Guardian's inquiries to the department's earlier discussions, writing to colleagues: "This is the one I was mentioning last week" [2].
Government's Public Statements:
In the immediate aftermath of The Guardian's July 4 revelation, Human Services Minister Alan Tudge stated publicly that he and his department had only learned of the illicit trade when contacted by a Guardian journalist on July 3 [2]. He later reiterated: "I was not aware of this case until July 3 when the journalist alerted me to them" [2].
Key Distinction:
However, the DHS spokesman denied the department had knowledge of a "specific breach" in June and claimed internal discussions had only related to "general matters" related to dark net activity, not the specific Medicare data sales [2]. This is an important clarification - the June 22 email discussions may have concerned general dark web fraud threats rather than the specific Medicare "Machine" vendor that was later revealed by The Guardian [2].
Most significantly, it remains unclear from the released documents exactly what DHS knew about the sale of Medicare details specifically on the dark web prior to July 4's media report, as the department "redacted most of the content of the emails" citing "exemptions related to law enforcement and criminal investigations" and refused to release numerous other related emails entirely [2].
Missing Context
The claim's framing as "lied about when they found out" requires careful examination of what exactly was known and when:
General threat awareness vs. specific breach: The June 22 emails may have discussed general dark web activity or security vulnerabilities rather than proof that Medicare data was actively being sold [2]. This is a significant distinction.
Scope of DHS knowledge: Senator questioning revealed that as of September 2017, DHS believed as many as 165 people may have had their Medicare numbers sold to unknown parties, but this was an estimate, not a confirmed number [2].
Security vulnerability vs. active exploitation: The government's investigation determined the breach resulted from "traditional criminal activity" (a professional accessing the system) rather than a cyber attack, suggesting the vulnerability may have existed for some time without active knowledge of exploitation [1].
Investigation constraints: The Australian Federal Police investigation into the source of the breach was ongoing, which may have limited what officials could publicly disclose [1].
The nature of the June 22 discussion: The specific content of internal discussions is heavily redacted, making it impossible to determine whether officials discussed confirmed sales, suspected vulnerability, or general dark web monitoring concerns [2].
Source Credibility Assessment
The original source provided is The New Daily, which published an exclusive investigation on November 21, 2017. The New Daily is an Australian news website that generally focuses on national news and politics. According to media bias analysis, The New Daily is identified as having a left-leaning bias [3]. This is relevant context, as the outlet has a history of critical coverage of Coalition governments.
However, the core factual claims in The New Daily article are based on:
- Internal DHS emails obtained under Freedom of Information laws - Official government records [2]
- Direct quotes from Alan Tudge and DHS spokespersons - Primary sources [2]
- Corroboration from ABC News and Sydney Morning Herald which covered the original Medicare data sales in July 2017 [1]
The claim about the June 22 internal emails is supported by official government documents released via FOI, which is a credible source. However, the interpretation that this constitutes "lying" about timing depends on what those redacted emails actually contained.
Labor Comparison
Did Labor have similar cyber security breaches or cover-ups?
While direct equivalents in data breaches are not readily apparent in searches, Labor governments have faced significant cyber security and data handling controversies:
- 2012 Electoral Commission Hack: A Labor-era incident where Australian Electoral Commission data was compromised [4]
- Centrelink Data Matching Program: A separate 2017 incident where the DHS (same department under Coalition oversight) was involved in unauthorized release of personal information to journalists to defuse political claims, described as highly controversial [2]
However, the specific scenario of data being actively sold on dark web by criminals appears to be unique to this 2017 incident. Labor has not faced a directly comparable breach of this scale or nature during the period examined.
Balanced Perspective
The claim appears to be partially substantiated but requires nuance:
Evidence supporting the claim:
- Internal emails from June 22, 2017 show DHS officials were discussing dark web security issues weeks before the public revelation [2]
- Minister Tudge stated publicly that he only learned of it on July 3, when a Guardian journalist contacted him - this contradicts evidence of internal knowledge [2]
- The timing gap (June 22 vs July 3) is a factual discrepancy [2]
Factors complicating the "lie" characterization:
- The redacted nature of internal emails means the specific content and scope of June 22 discussions are unknown [2]
- DHS claims the June 22 discussions involved "general matters" about dark web activity, not confirmed Medicare sales [2]
- The department's FOI response redactions prevent full verification of what officials actually knew [2]
- Government statements might technically be accurate if the June 22 discussions involved vulnerability assessments rather than confirmed active sales [2]
- An FOI investigation revealed that in early 2018, the government was still investigating the incident, suggesting genuine uncertainty about the scope and timeline [5]
Key Issue: The evidence demonstrates that government officials had discussions about dark web security matters before July 3, and that this wasn't disclosed publicly. Whether this constitutes "lying" depends on whether June 22 discussions specifically concerned Medicare data sales or broader security concerns. The heavy redactions make a definitive determination impossible.
Comparative governance context: Data breach responses typically involve coordination between departments, law enforcement, and security agencies before public disclosure. The question of when "knowledge" occurred (internal discussion vs. confirmed threat vs. public disclosure) is a legitimate area of government accountability scrutiny.
PARTIALLY TRUE
6.0
out of 10
The government did discuss dark web security matters internally before publicly disclosing the Medicare breach, but the claim that they "lied about when they found out" requires qualification based on what exactly was known and when it was confirmed.
The evidence shows:
- Government officials discussed dark web activities on June 22 [2]
- Public statements indicated knowledge only came on July 3 [2]
- This represents a credibility gap
However:
- The specific content of June 22 discussions remains redacted [2]
- It's unclear whether those discussions concerned confirmed Medicare sales or general vulnerabilities [2]
- DHS statements suggest discussions may have been about general matters, not specific breach knowledge [2]
The claim is largely supported by timing discrepancies but overstates the evidence by using the word "lied" without accounting for what was actually discussed.
Final Score
6.0
OUT OF 10
PARTIALLY TRUE
The government did discuss dark web security matters internally before publicly disclosing the Medicare breach, but the claim that they "lied about when they found out" requires qualification based on what exactly was known and when it was confirmed.
The evidence shows:
- Government officials discussed dark web activities on June 22 [2]
- Public statements indicated knowledge only came on July 3 [2]
- This represents a credibility gap
However:
- The specific content of June 22 discussions remains redacted [2]
- It's unclear whether those discussions concerned confirmed Medicare sales or general vulnerabilities [2]
- DHS statements suggest discussions may have been about general matters, not specific breach knowledge [2]
The claim is largely supported by timing discrepancies but overstates the evidence by using the word "lied" without accounting for what was actually discussed.
📚 SOURCES & CITATIONS (5)
-
1
Government orders Medicare review over dark web concerns
The Federal Government may make it harder for health professionals to access Medicare numbers online after a news outlet revealed one of its reporters had been able to purchase his details on the dark web.
Abc Net -
2
Revealed: Alan Tudge's department knew of Medicare breaches prior to bombshell report
The DHS flagged the illegal sale of Medicare details on the dark web almost a fortnight before the illicit trade was exposed, TND reveals.
Thenewdaily Com -
3
Medicare card details of every Australian currently up for sale on the dark web
A confronting report shows that a vendor on the dark web can pull up the full Medicare card details of any Australian on request — and is selling them for around $30 each — indicating a security hole somewhere in the health system.
The Sydney Morning Herald -
4
LEAKED: Alan Tudge's secret emails on Medicare data breach
Leaking of citizens' private information is solely the responsibility of the department and the relevant minister.
Crikey -
5PDF
Senate Inquiry: Circumstances in which Australians' personal Medicare information has been compromised
Aph Gov • PDF Document
Rating Scale Methodology
1-3: FALSE
Factually incorrect or malicious fabrication.
4-6: PARTIAL
Some truth but context is missing or skewed.
7-9: MOSTLY TRUE
Minor technicalities or phrasing issues.
10: ACCURATE
Perfectly verified and contextually fair.
Methodology: Ratings are determined through cross-referencing official government records, independent fact-checking organizations, and primary source documents.