Genea cyber incident update 3 July 2025
- nicole4844
- Feb 24
- 3 min read
Updated: Aug 15
UPDATED 3RD JULY 2025
The following information is related to a cyber incident which impacted Genea in February 2025.
Genea has now concluded its investigation into the cyber incident, which included a comprehensive analysis of the data published on the dark web to identify impacted individuals and the personal information relating to them.
We are starting to communicate directly with individuals about the findings from our investigation that are relevant to them, and the steps and support measures in place to help them protect their personal information. Please be assured that we are not notifying you about a new incident.
If you have any further questions or would like further information, please email cyber@genea.com.au. Our teams of specialists, nurses and office support staff continue to work hard to provide expert, personalised and world-class fertility care, which is of our utmost priority and importance.
Please click here to view our formal notification and previous updates to patients about the incident.
What happened?
In February 2025, we became aware of suspicious activity on our network. Following this, we promptly launched an investigation to determine the nature and scope of the activity. In the course of these investigations, Genea discovered that it had been impacted by a cyber security breach.
Our investigation identified that some data from Genea’s network, which contained information about our patients, was accessed by a cyber criminal and published on the dark web.
How are we supporting patients?
We have partnered with IDCARE, Australia’s national identity and cyber support service, which provides counselling and other services at no cost if patients wish to seek further support. We have also set up a dedicated call centre to support all impacted individuals.
Genea was also granted a court-ordered injunction to prevent any access, use, dissemination or publication of the impacted data by the threat actor and/or any third party who receives the stolen dataset. We obtained this injunction as part of our commitment to the protection of our patients, staff and partners’ information, and taking all reasonable steps in response to this incident to protect the impacted data and those affected.
To learn more and for a copy of the injunction, click through to orders made on 25 February 2025, 25 March 2025, 28 April 2025, 14 May 2025 and 24 July 2025.
Who have we informed about the incident?
This crime remains under investigation by the Australian Federal Police. We also notified and are continuing to provide information about the incident to the Office of the Australian Information Commissioner, the National Office of Cyber Security, the Australian Cyber Security Centre, and relevant state departments.
Additional recommendations for impacted individuals
We know that an incident like this can be concerning and encourage impacted individuals to refer to your notification letter which contains tailored recommendations about action that you can take to help protect your information.
Here are some general steps you can take:
Be extra careful about opening any suspicious emails, texts or phone calls, or any possible attempts to contact you from people or organisations you don’t know.
Remain vigilant as to any other attempts that might relate to possible identity theft or fraud using your personal information.
If you have any questions about government-issued identity document information (such as your driver licence, Medicare card or passport), please contact the agency that issued the identity document for advice.
Visit the Australian Cyber Security Centre website or the ACCC’s Scamwatch for further information about online safety, cyber security and other helpful tips.
Read more information about protecting yourself from identity fraud here.
We thank our community for their patience and understanding during our investigation into this cyber incident. We deeply regret that personal information was accessed and published and sincerely apologise for any concern this incident may have caused.
The protection of our patients, staff and partners’ information remains our utmost priority.