The personal data of up to 200,000 NSW workers have been leaked by the insurer organisation iCare, in an incident that has been chalked up to “human error”.
The NSW public insurer revealed that the ‘cost of claims’ details of 193,000 workers was sent to the wrong employer or broker last month.
The personal details would usually only be sent to an individual’s own employer. However, it was found that employers received a spreadsheet that contained the names, addresses, dates of birth and claims information of iCare customers.
A statement on iCare’s website acknowledged that a “privacy incident”, which occurred on the week of May 10, was caused by human error. This error then led to Employer Cost of Claims reports from April 2022 being issued to the wrong employer or broker.
“As soon as iCare was made aware of the incident, we took immediate action to rectify the matter,” the statement said.
The NSW insurer promptly contacted employers who received the details in error. The organisation is in the process of confirming that the private data has been deleted with help from the Privacy Commissioner of NSW and third-party IDCARE. The State Insurance Regulatory Authority has been notified of the incident.
“We are contacting individuals concerning the incident and the steps we have taken to ensure the security of their information,” iCare’s statement said.
“We have also commenced a comprehensive review of our systems and processes to ensure it does not happen again.”
Shadow Treasurer Daniel Mookhey called on the government to launch an independent investigation into the data leak, calling the size of the breach “frightening”.
“A leak this big demands nothing less than an independent investigation,” Treasurer Mookhey said.
“The 190,000 workers whose personal information iCare distributed far and wide deserve answers about why this happened.”
Labor’s industrial relations spokeswoman Sophie Cotsis said iCare needs to contact all the affected workers.
“A vague statement by iCare on its website doesn’t cut it,” she said.
“They need to know their privacy has been compromised. They might now have to take steps to protect themselves.”
With AAP