Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

Data breach: Aussietravelcover

Aussietravelcover data breach – finalisation of enquiries

2 June 2015

The Office of the Australian Information Commissioner (OAIC) has finalised enquiries into Aussietravelcover Pty Ltd (ATC) following a data breach notification received in December 2014.

ATC notified the Australian Privacy Commissioner that its information systems had been hacked, potentially affecting customer and insurance agent records held by ATC. In response to these incidents, ATC temporarily shut down its website and commissioned third party consultants to investigate the matter. ATC rolled out a new and more secure website, and permanently decommissioned its old website.

Initial media reports suggested that ‘hundreds of thousands’ of customer records may have been compromised as a result of the incident. However, on the basis of OAIC’s enquiries and consideration of the consultant’s investigation report, it appears that the personal information of far fewer individuals was compromised in the attack than had initially appeared to be the case. The majority of the information extracted from ATC’s systems as a result of the hack was corrupted during its extraction, and therefore was not accessible to the hacker in its original format. 133 insurance agents and four policyholders had their full ATC record extracted in an uncorrupted format as a result of the attack. ATC took steps to notify those individuals of the incident.

In light of the prompt action taken by ATC to respond to the breach, including notification to affected individuals, and remedial action taken to prevent future breaches, the OAIC does not intend to take any further action in relation to this incident at this time. However, further enquiries may be conducted if complaints are received from people who have been adversely affected by this incident.

Back to Contents

Data breach: Aussietravelcover

19 January 2015

‘The Office of the Australian Information Commissioner was notified about the breach on 22 December 2014. We have discussed the matter with AussieTravelCover, including raising some initial issues and providing recommendations about follow-up action. We are now waiting on further information from them before deciding whether to open a formal investigation.’

Back to Contents