Law firm mulls class action over NDIS software provider data breach

A Sydney law firm is considering a class action against NDIS client management system provider CTARS over a security breach that exposed sensitive health data belonging to NDIS participants.


Centennial Lawyers, which is known for Australia’s first privacy class action in 2017, is conducting “preliminary investigations” into the CTARS data breach, with a view to initiating a class action.


CTARS last week revealed a “large volume” of personal, health and other sensitive data belonging to NDIS participants and other individuals was accessed by an unauthorised third party in May.

A sample of the data, which could include details of diagnoses, treatment or recovery of a medical condition or disability, has already been posted on the dark web, according to the company.


Medicare and pensioner cards, as well as tax file numbers, are also thought to have been compromised.


Data breach repository Have I Been Pwned, which is run by security expert Troy Hunt, has estimated the number of compromised email addresses at approximately 12,000, a “significant portion” of which belong to staff at care providers.


Hunt has suggested that it is "highly likely sensitive personal information can be matched to individuals".


Centennial Lawyers is calling for those who have been contacted by their NDIS service provider to provide relevant details about the breach.


The law firm is particularly keen to understand when individuals were notified about the breach and the type of data that was compromised.


Centennial Lawyers has a track record of legal action over data breaches, having successfully brought a class action against the NSW Ambulance Service over a data breach in ..
