The Office of the Australian Information Commissioner (OAIC) is deciding whether to investigate travel insurance company, Aussietravelcover after reports that personal information including names, phone numbers, email addresses, travel dates and policy costs were hacked on 18 December, 2014.
The OAIC was notified about the data breach on 22 December. "We have discussed the matter with Aussietravelcover, including raising some initial issues and providing recommendations about follow-up action. We are now waiting on further information from them before deciding whether to open a formal investigation," said an OAIC spokeswoman in a statement.
An Aussietravelcover spokesperson confirmed that the company had investigated an allegation that it was the victim of an illegal hacking incident last month.
"The website was closed immediately and an investigation revealed one policy was compromised. The affected policy holder has been notified," said the spokesperson.
Aussietravelcover has been in contact with CERT Australia, the AFP and OAIC.
"The company is taking the matter seriously and cooperating to the fullest with the authorities mentioned. However, given that this is a current law enforcement investigation, the company is not in a position to provide any further information at this stage," said the spokesperson.
The ABC reported that Aussietravelcover opted not to tell insurance policy holders or customers about the data breach.
The ABC quoted an email allegedly sent by Aussietravelcover to its agents which said that because it engaged consultants to help investigate the breach, there was "no reason to advise policyholders."
More to come.
Read more:Privacy complaints jump by 183% in FY14
Follow Hamish Barwick on Twitter: @HamishBarwick