Leading pathology services provider Australian Clinical Labs has admitted sensitive customer information including medical records and credit card numbers were stolen in a cyberattack and shared on the dark web.
The company revealed the breach in a lengthy ASX announcement on Thursday, saying the sensitive information of about 223,000 people has been affected.
ACL said its breach, which impacts its subsidiary Medlab, largely affects staff and patients in Queensland and NSW.
It said the most concerning data stolen includes:
- 17,539 individual medical and health records associated with a pathology test.
- 28,286 credit card numbers and people’s names. Of these records, 15,724 have expired and 3375 have a CVV code attached.
- 128,608 Medicare numbers (not copies of cards) and people’s names.
The Australian Cyber Security Centre in June told ACL the personal information had been posted to the dark web. ACL took steps to permanently remove it.
The company said it would begin contacting people impacted by the breach on Thursday and told Medlab customers to monitor their email and postal mail in coming weeks.