Medical testing company Medlab Pathology and its parent, Australian Clinical Labs, took five months after a government warning that customers’ data was on the dark web to tell 223,000 people their personal information had been exposed.
In June, the Australian Cyber Security Centre found Medlab customer data on the dark web but the company did not inform its customers because it was analysing the “complex and unstructured” data to determine what information had been taken from which customers. It started to contact customers on Thursday.Advertisement
The information commission has previously said it “does not consider that tailoring notifications justifies delay in notifying affected individuals”. The watchdog’s commissioner, Angelene Falk, emphasised earlier this year that any delays in telling hack victims can make it harder for them to protect themselves.
“We recognise the concern and inconvenience this incident may cause those who have used Medlab’s services and have taken steps to identify individuals affected,” McGrath said. “We are in the process of providing tailored notifications to the individuals involved.”