Looking for security contact at Services Australia

A weakness in the Express Plus Medicare app allows the COVID-19 digital certificate to easily be forged. I’ve reported the issue to the Department of Health, as they have a VDP, but this app doesn’t fall under them. I’ve also reported to ASD Assist, who may have forwarded to relevant people at Services Australia, but have not received a response.

So if anyone has a pointer on connecting to Services Australia security team, I’d be grateful.


You won’t get an outcome response from ASD assist, but you should probably email them again letting them know that it hasn’t been fixed it @caseyjohnellis thoughts?

EDIT: if it’s a huge job to fix, I’d probably sit tight. If it’s a joke of a vulnerability, then I’d email them again, asking if they can confirm receipt.


Hi, reporter here. Any movement on this? If you’d like, I can contact their press office. Sometimes knowing the media is on it creates more urgency.

1 Like

I believe @caseyjohnellis has made contact with Services Australia regarding this issue. I have not (yet, I’m still hopeful!) heard from them.

1 Like

Hey @wabz, did you have any success here?

No, the best I could do was contact through ASD. No response from Services Australia.