Hackers have stolen the personal details of customers of a health fund used by Commonwealth Bank employees.
Customers of the CBHS Health Fund recently reported receiving unsolicited emails from suspicious email addresses.
On the company’s Facebook page, several customers said the email contained their personal information and demanded an invoice be paid.
In an email to customers, CBHS chief executive officer Andrew Smith confirmed the stolen information included customers’ names, suburbs, dates of birth, postcodes and email addresses.
But he moved to reassure customers about the extent of the breach.
“At no stage have members’ full home address, health records, bank account details or passwords been accessed,” Mr Smith said.
The company learned about the hack on Monday and said it informed customers on the same day.
The membership information was stolen from a third-party company that provided CBHS with marketing and member communication services.
CBHS would not name the company, but has now terminated its relationship with it.
It is now working with cyber-security technicians to identify the source of the breach.
The company said it did not know how many customers had been affected and said in a statement to the ABC that it was still investigating.
Most customers deleted the suspicious emails, but some appear to have clicked the link and have reported fraudulent banking transactions.
“CBHS has advised members that if they have responded to a suspicious email, they should immediately contact their bank or financial institution to report the transaction,” CBHS said in statement to the ABC.
Though the CBHS Health Fund has no financial ties to the Commonwealth Bank bank, membership is only open to employees or former employees.