00:00There are these two ads that have popped up on these dark web marketplaces.
00:07So these are the forums where data such as the MediSecure Trove are bought and sold.
00:14So the first ad popped up in May, advertising it for $50,000, saying one buyer only.
00:22And the story sort of went cold after that.
00:24That was the last news we heard.
00:25But now we can say that that ad, as you say, it's saying sold in big red letters.
00:33And there's a second ad that cropped up on a separate forum, but seemingly from the same
00:39user or a user using the same name, at least, Ansgar, and advertising it at that half price
00:46bargain bin rate of $25,000.
00:49The reason there, or the stated rationale at least, being that, well, I've sold it once,
00:54the second buyer, you're getting a discount.
00:57Anyone looking to buy data, people have different reasons.
01:02Some people are kind of building a bigger database, and some people are just looking
01:06to make a quick buck.
01:07Some people might be looking to resell the data.
01:10There are a range of uses that a cyber criminal might have for buying the data.
01:15In fact, sometimes companies themselves and governments, they buy it back.
01:21Not that that's necessarily disclosed.
01:24So it could be many, many buyers.
01:26But if it were someone looking to make money, they would be looking for a return on investment.
01:33And if you break down what this data is being sold for, sort of per dollar per person, it
01:39works out to be, at the original price, about $4 for 1,000 Australians details, $2 at the
01:45sale price.
01:47So you would only have to, I guess, exploit one of the 1,000 within that group to make
01:57that pay for itself.
01:59You'd have to do it many times over, but that's kind of the economics of that trade.
02:06We spoke to the Privacy Commissioner, Carly Kind, for this story as well, and she's taking
02:10more of a big picture view.
02:12She's looking at what the cumulative impact of the large-scale data breaches of the last
02:18few years is.
02:19So we're looking at Medibank, looking at Optus, you know, Latitude even, so many, many millions
02:26of Australians exposed in those breaches, some of them many times over.
02:32And she said that all does add up.
02:35There is the risk of a mosaic approach whereby bad actors, data brokers and others can now
02:41start to piece together the personal information that has been leaked on Australians through
02:47multiple data breaches.
02:49So certainly this recent breach risks aggravating an already bad situation.
02:55Privacy Commissioner Carly Kind there talking about the compounding effect of these kinds
02:59of breaches.
03:00We also had a statement from the National Cyber Security Coordinator, Lieutenant General
03:05Michelle McGuinness, who said that the government is aware of these ads.
03:11There's no sign at this point that the data is more widely available, that they can see
03:16at least.
03:17And she's repeated her advice to Australians to not go looking for the data as difficult
03:23as that may seem.
03:24People will obviously be worried, but she reminded us that it can in fact constitute
03:30a criminal offence in and of itself.
Comments