This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Specsavers Queensland

Summary

Specsavers, the multinational optical retail chain, warned Queensland customers in June 2019 that their private medical information may have been compromised in a data breach. The incident potentially exposed eye health records, prescription details, and personal information of customers who had received eye examinations or purchased glasses at Specsavers stores across Queensland.

What Happened

Hacking. Cybercriminals gained unauthorised access to Specsavers' systems storing customer optometry records for Queensland locations. The compromised data potentially included eye examination results, prescription details, vision history, contact lens specifications, and personal information such as names, addresses, phone numbers, and email addresses. Optometry records are considered medical information under privacy law, making this a health data breach. The breach appeared to be limited to Queensland operations rather than affecting the national Specsavers network. Specsavers discovered the unauthorised access during security monitoring and launched an investigation.

Impact on Individuals

  • Medical Data Exposure: Eye health records and prescription information compromised
  • Vision Health Privacy: Details about vision problems, eye conditions, and treatment history revealed
  • Personal Information: Contact details and customer profiles stolen
  • Medical Identity Theft: Health records valuable for fraudulent insurance claims or medical identity fraud
  • Queensland Customers: Regional scope meant impact concentrated in one state

While optometry data may seem less sensitive than other health records, it nonetheless constitutes protected medical information.

Response

Specsavers immediately notified potentially affected Queensland customers and advised them to be alert for potential misuse of their information. The company engaged cybersecurity experts to investigate the breach, determine what data was accessed, and implement enhanced security measures. Specsavers reported the incident to the Office of the Australian Information Commissioner and cooperated with the investigation. The optometry chain reviewed its data security practices nationally and implemented stronger protections for customer health records. Customers were advised to monitor for suspicious contact attempts and to be cautious about any communications claiming to be from Specsavers. The breach highlighted the often-overlooked reality that retail optometry chains handle significant volumes of sensitive health data requiring medical-grade privacy protections. +++

Verification Source: View original statement