Recent reports said that Medicare details were available for sale on a site on the dark web.
The government was caught on the hop when it surfaced that the Australian Taxation Office was reported to have told its staff that Medicare cards could not be used for identity verification after this information came to light.
But then the ATO quickly withdrew this advice – presumably because it did not gell with the statements being made by Human Services Minister Alan Tudge that all was well and no breach of any kind had occurred.
This points to confusion in government ranks, a situation where the right hand does not know what the left hand is doing. But that is a minor fallout.
Questions should, however, be raised about the crazy push to put public data on the Internet, especially in view of the increasing reports about data breaches, all at websites which were thought to be safe and secure beyond a doubt.
Having data at one's fingertips is very convenient. But convenience is, and has always been, the greatest enemy of security. Even the most junior security professional will tell you that.
Many security incidents occur because data is knowingly, or unknowingly, exposed on the Web. It is trivial to find unsecured data stores – some white hat hackers do it for a living.
From 22 February next year, it will become mandatory for government agencies and businesses/non-profits which have turnover of more than $3 million to disclose any data breaches.
But that will provide small comfort to the individual whose identity is stolen.
Putting data on an intranet is safer, but then again nothing is foolproof. The Stuxnet virus, which disrupted Iran's nuclear programme, was transmitted through an USB stick as the nuclear facility was not on any public network.
But the chances of data exfiltration are greater when a site is connected to the Internet. A little convenience will lead to a great deal of pain later on.
It is probably too much to expect a government, especially one as technologically naive as the one we have, to think seriously about the implications of public data access. But if more people raise doubts about the wisdom of doing so, maybe someone will notice.