The details of up to 66,000 members and clients of the Australian Insitute of Company Directors were stolen in a brazen theft of a laptop last weekend.
The computer contained client names, business and home addresses, date of birth details, contact numbers and membership numbers.
The "opportunistic" theft occured during a scheduled power outage at Sydney NAB House in George Street.
Closed circuit cameras and swipe cards were offline and extra security personnel were on duty.
Police are investigating the incident but it is thought the only access into the building was a supply lift which was manned during the outage.
The laptop computer, which had stored the data for testing of a new customer relationship management system, did not have disk encryption or a remote wipe function but had other security access controls in place.
“The data on the computer was protected. We understand that the risk of its being accessed and used for fraudulent purposes is low and that its utility is minimal, as much of the information is publicly available,” said John Colvin, CEO of the Australian Insitute of Company Directors.
“The stolen computer did not contain data about credit card numbers, banking details, personal email addresses of members and clients or passwords.”
The organisation is contacting affected clients today by email and the postage service. It has placed a statement on its web site and set up a phone contact line.
It has also informed the NSW Privacy Commissioner and is following best practice remediation guidelines.