Specsavers-owned computer equipment containing private patient details has been stolen from a storage facility during refurbishment works at a Queensland store.
The optical chain became aware of the potential privacy breach at its Stockland Bundaberg store on 3 June, after the password-protected computer server disappeared during a refurbishment. Other IT equipment and construction materials were also lost.
The server may have contained names, date of births, addresses, phone numbers, ail addresses, clinical records of optometry tests and Medicare details, the ABC reported, citing an email Specsavers sent to customers. However, it is believed no credit card or financial information was compromised.
A Specsavers spokesperson told Insight the computer server was stolen during a recent shop fitout and relocation at the shopping centre. It was contained in a contractor’s onsite storage facility, with police believing it was taken between 25 and 26 May.
“Despite our best efforts and the assistance of law enforcement, we have been unable to recover the server to date. There is no evidence to suggest customer information has been accessed at this time, but we are continuing to adopt a precautionary approach and monitor the situation carefully,” the spokesperson said.
A Queensland Police Service spokesperson told Insight the offenders appeared to have cut a padlock on a shipping container to access the items.
“Unfortunately there are still no suspects,” he said.
According to Specsavers, the store has now taken steps to inform customers and provide an opportunity to take precautionary measures to protect their information.
Since becoming aware of the incident, Specsavers has notified and cooperated with the Commonwealth Department of Human Services to ensure the security of customers’ Medicare information, as well as the Office of the Australian Information Commissioner to provide further information to assist with its own assessment.
It has also engaged Australasian identity and cyber support service IDCARE to assist customers with queries or concerns, and launched an internal investigation via the Specsavers Information Security Department.
Medicare is monitoring the records of impacted customers for suspicious activity and has advised most people will not need to make contact.
“We sincerely regret any concern caused by this incident. We are committed to the privacy and security of our customers’ personal data and we are doing everything we can to ensure that this cannot happen again in the future,” the Specsavers spokesperson said.