Specsavers suffered data breach compromising clients’ medical details

• The stolen computer server contained the personal information of clients including names, dates of birth, addresses, phone numbers, email addresses, clinical records of optometry tests, and Medicare details.
• Specsavers confirmed that there has been no evidence that the information on the server has been accessed.

Eyewear giant Specsavers suffered a data breach compromising Bundaberg clients’ medical details after a password-protected computer server went missing.

What happened?

On June 03, 2019, Specsavers became aware that a shipping container containing the business' belongings including a computer server has been stolen between May 25 and 26, 2019.

“During the fit-out works, a range of building materials and IT equipment, including a password-protected computer server, went missing from an onsite storage facility,” Specsavers said.

What information was compromised?

The stolen computer server contained the personal information of clients including names, dates of birth, addresses, phone numbers, email addresses, clinical records of optometry tests, and Medicare details. However, no financial information or credit card details were involved in the incident.

Specsavers confirmed that there has been no evidence that the information on the server has been accessed.

The response

• Specsavers is working closely with IDCARE (Australia and New Zealand's national identity and cyber support service) to notify its customers about the incident and advise them on the precautionary measures to be taken.
• The Eyewear giant has warned its customers to be cautious about telephone calls, emails, and messages that purport to come from Specsavers.
• The optical company is also working with the Commonwealth Department of Human Services to monitor the records for any suspicious activity and implement additional security to the impacted customers' Medicare records.
• It has also notified the Office of the Australian Information Commissioner about the incident.

“We are committed to the privacy and security of our customers' personal data and we are doing everything we can to ensure that this cannot happen again in the future,” Specsavers said in a statement to ABC.