It’s understood the data breach, which occurred on February 5, triggered a rule in the Privacy Act that requires the incident to be escalated to the Commonwealth’s Information Commissioner.

MORE TOP NEWS

Nebulisers banned at NT’s Howard Springs quarantine facility after Melbourne Holiday Inn outbreak

Chief Minister Michael Gunner ‘shocked’ at NT Health COVID-19 poster laksa misidentification ‘shame job’

How a mothballed mining camp in Darwin’s outskirts became Australia’s best COVID-19 quarantine asset

NT Health confirmed the breach occurred when 4400 government and non-government contacts were emailed an update about the Territory Check In app.

The addresses were not anonymised as is normal for email blasts, revealing the personal and business emails of Territorians.

In an apology email sent to those affected, obtained by the NT News, the department “sincerely” apologised for the “unintentional error” and said it had taken steps to ensure it does not happen again.

NT Health also moved to “absolutely assure” Territorians that their data held as part of the check in app system is safe, only stored for 28 days and accessible only in the event of contact tracing.

“This breach is unacceptable, and processes have been carried out to ensure this error does not happen again,” an NT Health spokeswoman said.

“The email addresses were not from users of The Territory Check In app, but from the register of local businesses only.”

HOT NEW DEAL: $1 for 28 days subscription offer

Under the Privacy Act and rules enacted in 2018, NT Health has to report itself to the Office of the Australian Information Commission and notify “individuals affected when a data breach is likely to result in serious harm to an individual whose personal information is involved”.

The Opposition took aim at Health Minister Natasha Fyles over the data breach, questioning how the restructure of NT Health would work if the department “can’t undertake basic functions without exposing Territorians and their businesses to serious risks”.