If you are a Suncorp Superannuation customer, read this article. There has been a significant privacy breach that might include you.
In December 2017, the Federal Government established a Royal Commission into the Banking, Superannuation and Financial Services Industry, which has been holding hearings and receiving evidence throughout the year. As part of this work, the Royal Commission requested information and records from a number of financial services organisations, including Suncorp.
Suncorp apparently sought a formal order or agreement from the Royal Commission that the information provided was not to be published and would remain confidential. The order was granted by the Commission but, for whatever reason, the information was posted by the Commission on its public website on 7 September 2018.
On 8 November 2018 Suncorp discovered the publication and immediately asked the Royal Commission to remove the information, and it was removed.
The publication was an electronic spreadsheet containing the following Suncorp customer information:
- Phone number;
- Email address;
- Employment details;
- Date of Birth;
- Insurance Status;
- Beneficiary nominations;
- Superannuation balance.
Suncorp have offered 12 months' free access to Equifax’s credit monitoring and identity theft protection services, and have recommended that customers:
- Consider changing the password to their Suncorp superannuation account;
- Monitor their Suncorp account and other accounts, and immediately report unusual activity;
- Contact other financial services to inform them that their personal data may have been compromised.
But is this really enough? If a savvy criminal had accessed that information while it was published – for two months – any number of criminal acts could be committed at any time in the future using the Suncorp customers' personal information.
This is a mandatory data breach incident under the Notifiable Data Breach scheme, which commenced on 22 February 2018. It also involves a likely breach of privacy under the Privacy Act 1988 (Cth). It may be possible to make a claim for this breach.
This is not the first time Suncorp have found themselves involved in a data breach. In early 2017 Suncorp wrote to members of the relatively new ‘Brighter Super’ product informing them that Suncorp had recently discovered a system error within the Suncorp Brighter Super website “that made it possible for other members to temporarily view your personal information”.
“The personal information included your name, address, date of birth, member number, tax file number and employer information,” the letter said.
We live in a world where information is stored electronically, and if that information gets into the wrong hands, people can be significantly affected. You might have read our article that raised our concerns about information privacy with the My Health Record.
If you have any concerns about your superannuation or information privacy, please contact one of our lawyers on 13 58 28.