One of Australia’s largest IVF clinics has refused to reveal how many patients had their personal information published to the dark web after its data was accessed by an “unauthorised third party”.

IVF giant Genea began emailing patients late last week letting them know they had been affected – more than five months after the breach in February 2025.

One former patient received the email at 11pm on Friday.

The notification email, obtained by news.com.au, is sent from chief executive Tim Yeoh and states “personal information about you was taken and published on the dark web”.

The worst-affected patients were those in category “Annexure A” who, along with their personal identity information, had their “medical diagnosis” and “clinical information” published to the dark web.

“We deeply regret that your personal information has been accessed and published and sincerely apologise for any concern this incident may have caused you,” Mr Yeoh states in the email.

However, Genea told news.com.au it would not be disclosing the total number of patients hit by the leak, as the crime remains “under investigation” by the AFP.

“Genea has concluded its investigation into the cyber incident which impacted our organisation in February. This included a comprehensive analysis of the data published on the dark web to identify impacted individuals and the personal information relating to them,” a statement from Genea said.

“We are now starting to communicate with individuals about the findings from our investigation that are relevant to them, and the steps and support measures in place to help them protect their personal information. Genea expects to communicate with all impacted individuals over the coming weeks.”

Patients furious over lack of communication

One former patient, who wished to remain anonymous, said she was shocked to receive an email from Genea at 11pm on Friday revealing her data had been leaked after months of silence from the clinic.

“The communication from Genea on this data breach has been appalling,” the woman told news.com.au.

“We only found out about this data breach from an email notification at 11pm on last Friday, outside of business hours and telling impacted patients there was nobody available to respond to questions and concerns until 9am on Monday.

“The fact the breach occurred in February, and we are only now being notified, five months on, for the very first time that sensitive information such as our driver’s licence, Medicare number, private health insurance number, all of which can be used for identify fraud, was stolen and is on the dark web is utterly unacceptable,” she said.

“What have they been doing for the past five months? And that isn’t the half of it. We’ve also only been notified now that detailed and highly confidential personal medical information, which could easily be used by hackers to blackmail people, has also been stolen and is on the dark web.

“It beggars’ belief that Genea even kept such sensitive information when we ceased any interaction with the company in 2013 – 12 years ago. Genea cannot claim that information was still needed for the purpose it was collected, and, as such, was legally required to have destroyed or de-identify it long before this breach even occurred,” the woman said.

Dad Matthew Maher, who only learned about the leak back in February thanks to media reports, said he received an email on Thursday night telling him his number, name, address, phone number, Medicare number and private health insurance number had all been posted to the dark web.

In February, the clinic issued a statement stating that they were “urgently” investigating the incident.

“The last couple of weeks I’ve been getting a lot of weird phone calls,” he said.

“I can’t fault Genea, we’ve got a daughter out of it, but this has just put a bad taste to it.”

Mr Maher, who last used Genea six years ago, said he had tried to chase the clinic up in recent months but had been met with silence.

“I have told them if there is a class action or a claim of compensation, I’ll be the first to sign up,” he said.

Claire Tomlin said she had spent hundreds of thousands of dollars with Genea – and was still unsure whether her data had been compromised.

She said she received two emails when the leak first occurred before the clinic “went dark”.

“I’ve had no update. They’ve got to release something,” she said.

“You are really vulnerable when [you first go to Genea]. All the stuff you have to hand over.”

Genea is one of Australia’s three largest IVF providers, with thousands of patients at clinics across the country.

One in every 18 births in Australia occurs with the help of IVF.

Get in touch with the reporter. Sarah.Keoghan@news.com.au

More Coverage

Aussie crime will leave you ‘shocked’

Alice Clarke

Major IVF provider confirms huge data hack

Ria Pandey

Originally published as IVF giant Genea reveals dark web data breach impacting thousands