$557 million stolen through fake myGov accounts in a single year. Criminals figured out they could create a myGov account, link it to someone else's tax file number, and lodge a fraudulent tax return — collecting the refund before the real person even knew. The Inspector-General called the system "fundamentally flawed." Half a billion dollars says he was right.
critical
The government used myGov's data-matching infrastructure to compare ATO tax records with Centrelink payments — then sent automated debt notices to 443,000 people. Many debts were wrong. The scheme was illegal from day one. People killed themselves over debts they never owed. The Royal Commission called it "a crude and cruel mechanism." The government repaid $1.76 billion. The dead did not come back.
critical
The Ombudsman found myGov's security was "not adequate." Ten thousand people had their accounts hijacked in one year. Fraudsters linked victims' Medicare and Centrelink to fake myGov accounts and stole $25.5 million through bogus tax returns. The government admitted the platform was designed in 2013 and the threat landscape had "deteriorated substantially" since then. They knew it was outdated and insecure and kept pushing 5.6 million people onto it anyway.
A government health app that processes your doctor visits and prescriptions was also collecting your race and ethnicity. The Google Play listing says so plainly. Why does claiming a Medicare rebate require knowing your racial background? Combined with your health claim history, this creates a profile linking race to medical conditions — held by a government agency that saw a 330% increase in data breaches.
high
The Google Play listing says the Medicare app "doesn't share user data." But Services Australia admits using Google Analytics — which sends your page visits to Google in the US. When you check your doctor visits, prescription claims, or health service history, Google gets to see which pages you navigate. Your health service interaction patterns are flowing through the infrastructure of the world's largest advertising company. But sure, they "don't share data."
medium
The Medicare app collected your health claims, doctor visits, race, and personal details for years. It never provided a way to delete that data — Google Play says so explicitly. The app was retired in November 2025, and all that health information is still sitting there. You had "control" over what you gave them, but zero control over getting it back or making it disappear.
Your Medicare number — for $30 on the dark web. A journalist proved it by buying one. The leak came through a government portal that health professionals use. Services Australia denied it, investigated it, and confirmed it. For thirty dollars, anyone could get the number that unlocks your entire medical history.
high
The Medicare app stores your login tokens in plaintext on your phone. Use it on public Wi-Fi at a hospital waiting room and your health claims could be intercepted. The government asks you to go digital, then builds the app like security is optional.
high
Your Medicare record is not just your health data. It feeds into 14 different government data-matching programs — cross-referenced with your tax records, Centrelink payments, and veteran status. Several of these programs never had a privacy impact assessment. Your doctor visit becomes a data point in a machine you never consented to.
443,000 Australians got letters saying they owed Centrelink money. The debts were calculated by averaging annual income across fortnights — a method the government knew was legally wrong. People sold their cars. Lost their homes. At least three people killed themselves. The Royal Commission found ministers were warned and ignored it. The government repaid $1.76 billion. Nobody went to prison.
high
If you receive Centrelink, the government watches where you fly, what you earn, what property you own, and what shows up in your bank account. 17 different data-matching programs run constantly. They check airlines to see if you went overseas. They check real estate databases to see if you bought property. Welfare recipients live under more financial surveillance than money launderers.
high
55 million Centrelink calls went unanswered in one year. Average phone wait: over 3 hours. Offices closed. The app is technically "optional" the way breathing is technically optional if you don't mind the consequences. Miss your fortnightly report because you couldn't get through? Payment suspended. The Ombudsman called it failing the most vulnerable Australians.