NOTICE OF A DATA MATCHING PROGRAM – SERVICES AUSTRALIA AND FERTILITY NORTH CUSTOMERS AFFECTED BY NOVEMBER 2023 DATA BREACH

This notice refers to the commencement of a data matching program by Services Australia (the Agency) using information provided by Fertility North about Fertility North customers affected by the November 2023 data breach (Data Breach). The initial analysis provided by Fertility North indicates that there may be approximately 49,500 impacted customers.

Where an Agency customer’s Medicare number or Centrelink Reference Number (CRN) was disclosed as part of the Data Breach, the following data, to the extent captured by and available to Fertility North, has been provided by Fertility North to the Agency:

• card number, expiry date and customer name appearing on Medicare or Centrelink concession card
• customer’s date of birth
• customer’s address.

The Agency will compare the data provided by Fertility North to Medicare and Centrelink customer records held by the Agency. This will assist the Agency to identify affected customers and apply proactive security measures to affected customer records.

A protocol document describing this program has been developed in consultation with the Office of the Australian Information Commissioner (OAIC). Copies of the document are available from:

https://www.servicesaustralia.gov.au/data-matching-activities-for-third-party-organisation-data-breaches?context=1

The Agency adheres to the OAIC Guidelines on data matching in Australian Government administration which includes standards for data matching to protect the privacy of individuals. The Agency’s privacy policy is available at:

https://www.servicesaustralia.gov.au/organisations/about-us/publications-and-resources/privacy-policy