NSW public insurer icare privacy bungle hits 193,000 people

NSW workers’ compensation insurer icare is contacting thousands of people over a privacy breach that happened in early May.

“A privacy incident occurred in the week of May 10 2022 due to human error resulting in April 2022 employer cost of claims reports being issued to the wrong employer or broker," the insurer said in a statement on its website.

icare said it is now working with the NSW Information and Privacy Commissioner and identity theft support organisation IDCARE.

It is also getting in touch with employers and brokers who received the wrong reports, and is “in the process of confirming with them that they have deleted the information”, the statement added.

The State Insurance Regulatory Authority has also been notified.

An icare spokesperson has emailed iTnews to say: “The incident involved the Cost of Claims report for one employer being sent to a single different employer. 587 employers or brokers received an incorrect report (each report was unique). Data relating to 193,000 workers was contained in the totality of those 587 unique reports.”

The spokesperson added: “No personal financial information or contact details were included. The policy number and cost of claim are included, however no personal bank details or other financial information that could potentially lead to fraud or theft was included.”

The report added that icare has apologised to individuals affected by what it said was “human error related to manual processing.”

“We have also commenced a comprehensive review of our systems and processes to ensure it does not happen again,” icare’s statement reads.

“We are strengthening our controls to improve our safety measures.”