NOTICE OF A DATA MATCHING PROGRAM – SERVICES AUSTRALIA AND TISSUPATH PATHOLOGY CUSTOMERS AFFECTED BY AUGUST 2023 DATA BREACH
This notice refers to the commencement of a data matching program by Services Australia (the Agency) using information provided by TissuPath Pathology (TissuPath) about TissuPath customers affected by the August 2023 data breach (Data Breach). The initial analysis provided by TissuPath indicates that there may be approximately 140,000 to 240,000 impacted credentials.
Where an Agency customer’s Medicare number or Centrelink Reference Number (CRN) was disclosed as part of the Data Breach, the following data, to the extent captured by and available to TissuPath, has been provided by TissuPath to the Agency:
- card number, expiry date and customer name appearing on Medicare or Centrelink concession card
- customer’s date of birth
- customer’s address.
The Agency will compare the data provided by TissuPath to Medicare and Centrelink customer records held by the Agency. This will assist the agency to identify affected customers and apply proactive security measures to affected customer records.
A protocol document describing this program has been developed in consultation with the Office of the Australian Information Commissioner (OAIC). Copies of the document are available from:
https://www.servicesaustralia.gov.au/data-matching-activities-for-third-party-organisation-data-breaches?context=1
The Agency adheres to the OAIC Guidelines on data matching in Australian Government administration which includes standards for data matching to protect the privacy of individuals. The Agency’s privacy policy is available at:
https://www.servicesaustralia.gov.au/organisations/about-us/publications-and-resources/privacy-policy