Australian Insurer Privacy Breach, 2 June 2022

NSW public insurer icare sends private details of 193,000 workers to wrong employers

Excel spreadsheet emailed to 587 wrong employers and brokers

Company Statement: Privacy Incident
Source: NSW public insurer icare privacy bungle hits 193,000 people | iTnews

Related incidents in New South Wales and the Banking and Finance industry.

Update 9/6/2022: icare still waiting on leaked workers’ comp data to be deleted | iTnews
NSW public insurer icare is yet to receive assurances from two dozen firms mistakenly sent reports containing the personal details of 193,000 injured workers, that they have deleted the data.

The personal details of almost 200,000 injured workers were mistakenly shared with 587 employers and insurance brokers in a major privacy data breach by embattled state insurer icare last month.

“A privacy incident occurred in the week of May 10 2022 due to human error resulting in April 2022 employer cost of claims reports being issued to the wrong employer or broker,” the insurer said in a statement on its website.

An icare spokesperson has emailed iTnews to say: “The incident involved the Cost of Claims report for one employer being sent to a single different employer. 587 employers or brokers received an incorrect report (each report was unique). Data relating to 193,000 workers was contained in the totality of those 587 unique reports.”

The cost of claims report included a summary of workers’ claims history, their name, date of birth and injury category, but no banking or contact details.

The State Insurance Regulatory Authority is investigating if the incident constituted a breach of the workers’ compensation legislation, a spokeswoman said.

In a statement, the Privacy Commissioner said icare had confirmed arrangements to support affected workers who can also contact the Information and Privacy Commission for advice.