A hacked survey conducted by QIMR Berghofer has compromised the personal details of participants. Source: Kgbo, Wikimedia Commons
The biggest skin cancer study in Australia has been hit by a data breach, exposing the details of over 1,000 people to hackers.
The ABC has revealed that, last year, cyber criminals broke into servers holding personal data collected by QIMR Berghofer medical research institute in Brisbane.
QIMR Berghofer has been conducting further scientific surveys on Australians without publicly revealing it has been the victim of a cyber-attack. This has led to calls for stricter public disclosure laws.
QIMR Berghofer hired technology company Datatime to scan and process surveys for its QSKIN study. While Datatime had planned to permanently delete the personal information after 12 months, it was hit by the data breach before it was able to do so.
QIMR Berghofer told ABC that 1,128 people have had personal details exposed in the data breach, including names, addresses, and Medicare numbers.
“No other information, including genetic data or other, was involved or held by Datatime,” QIMR Berghofer said.
“Once notified of the breach, QIMR Berghofer identified affected participants and contacted them directly by email in accordance with the recommendation of the Office of the Information Commissioner Queensland.”
Paul Gallo, chief executive of the PNORS Technology Group which owns Datatime, said that the company’s cyber experts “do not believe any further data was breached, which includes the QSKIN data survey.”
“After a rigorous and extensive investigation by internal and external cyber security experts, it was determined that no private data was released into the public domain,” Mr Gallo said.
“There has been no further contact with the cyber hackers and we have no reason to believe any private data has been, or will be, released.”
However, the study’s principal investigator David Whiteman sent an email to survey respondents last year, revealing that this was a genuine concern.
“While we cannot provide categorical confirmation, it is possible that your survey data have been compromised,” Professor Whiteman said in the email.
“We do not know yet whether the cyber-criminals have accessed QSKIN’s survey data, however we wanted to let you know in case it is possible that your name, contact details, and Medicare number, and potentially responses to your survey form were accessed.”
