Two years ago, I froze my eggs. My reasons were boring (in my early 30s and single) and the results were decent. I won’t go into it here, because talking about how many eggs were retrieved per cycle is fraught with heartbreak for some and competitiveness for others, but I was fortunate enough to not need to do another — very expensive — round.
I know the stats around egg freezing and have conflicting thoughts on the heavy marketing towards women, but I have to say: the process was great. A little time consuming, and not exactly fun, but I’ve never looked back. I found myself in a long-term relationship shortly after, and I hope we’ll be able to have children without needing to unfreeze my eggs.
If it wasn’t for the $50 coming out of my account every month for storage, I wouldn’t really think about it again — except for the fact that all my personal details just got hacked.
I froze my eggs via Genea, one of Australia’s biggest fertility clinics. To be honest, I didn’t choose them for any particular reason. Once I decided to freeze my eggs I just wanted it done, and as a journalist, I’d come across the name in the egg freezing articles and podcasts I devoured.
Last week, Genea informed patients that a “cyber incident” was being “urgently investigated”.
And yesterday, I received confirmation that my details were accessed by a third party.
“On 14 February 2025, we became aware of suspicious activity on our network,” an email from CEO Tim Yeoh said. “Following this, we promptly launched an investigation to determine the nature and scope of the activity. In the course of these investigations, Genea discovered that it had been impacted by a cyber security breach.”
My personal details that Genea confirms have been accessed by a third party include my full name, date of birth, email, addresses, phone number, Medicare card number, private health insurance details, emergency contacts and next of kin. It also includes highly sensitive medical information like my medical history, diagnoses and treatments, medications and prescriptions, patient health questionnaire, pathology and diagnostic test results, and notes from doctors and specialists.
Every single thing I spoke to a doctor about while freezing my eggs is now available for someone else to read. My medications, my fertility concerns, my hopes for the future. I’m a fairly open person, and even that makes me squirm.
“You almost couldn’t think of a relationship you have with an organisation that’s already so emotional to begin with,” Toby Murray, Associate Professor at the School of Computing and Information Systems at the University of Melbourne, tells me. “It must be hell for some people.”
Genea wouldn’t confirm to me the number of customers impacted by the breach, but the number of Australian women and others freezing their eggs has exploded in recent years, tripling in the five years to 2020. In 2022, there were 108,918 assisted reproductive treatments cycles performed in Australia and New Zealand, according to the Australian and New Zealand Assisted Reproductive Database’s (ANZARD) most recent annual report.
“We understand that hearing about an incident like this can cause concern and we sincerely apologise for this,” the email from Yeoh continued. “I want to reassure you that our teams of specialists, nurses, scientists and support staff are working tirelessly to minimise any impact to the treatment of our patients which is always our highest priority. Our technology teams have also been working around the clock with cyber security professionals to securely restore our systems while progressing our investigation.”
So how worried do I — and the thousands of other patients — need to be?
How concerned should Genea patients be?
The scariest thing is that we simply won’t know what comes next, Murray tells me. However, we can look to the MediSecure data breach from 2024 for clues.
“I think it’s important to note that we’ve seen really impactful data breaches previously of really sensitive information, but by and large, what we haven’t seen is large scale harms from those,” he says. “If you look at the Medibank private breach from a couple of years ago, there was really sensitive information released in that breach as well. It was really scary, I was impacted by that breach, and it wasn’t super obvious what the goal was, but we didn’t see stories of massive numbers of people who suffered identity theft as a result of that breach, or who were harassed because of their medical history.”
However, Murray admits it’s not easy to draw a link between data breaches and individual harms. “The risks are really hard to work out,” he continued.
“When you’ve got names, email addresses, home addresses, phone numbers, Medicare card numbers, private health numbers and what not, all that stuff is potentially useful for identity theft. After recent breaches like Optus [in 2022], we didn’t see lots of reports of identity theft, but what we did see were reports of people getting scam messages.”
In other words, if you’ve been caught up in a data breach, you’re more likely to be targeted by scammers. And sometimes, those scammers are preying on the very vulnerability the data breach has put you in.
“In the wake of big breaches, people will get text messages to say things like, ‘If you’ve been impacted by this breach and you want to protect yourself, then click on this link and hand over this information’,” Murray continues. “People are freaked out, they’re looking for information, they’re looking for certainty or reassurance, and they click on that message.”
Genea wouldn’t confirm to me how the hackers got my information in the first place, or what steps were being taken prevented to ensure it doesn’t happen again. Comments on their Instagram make it clear others are still searching for answers — a particularly fraught process for those in the middle of treatments.
Why did scammers target Genea?
It’s hard to pinpoint a more emotional type of data breach than a company helping people trying to conserve or kickstart fertility. I’m incredibly fortunate in that my frozen eggs are not something I have to pin my hopes on, but for tens thousands of women (and others) undergoing IVF, or going through successive freezing cycles to hit a ‘safe’ number of eggs, or for whom fertility markers are looking out of reach, it’s another blow in an already emotionally fraught — and expensive — process.
However, it’s probably not this highly sensitive information hackers are after, Murray says. Usually hackers are trying to blackmail the company, rather than go after individuals themselves.
“The kind of information that’s useful is the sort of information that’s useful for making money,” he says. “If you get someone’s credit card details, then it’s easier to make money out of that than, say, their Medicare card.”
My first thought was that my personal health data would be bought by insurance companies to raise premiums. And while it’s not impossible, Murray says, Australia has “better norms around that kind of stuff” than, say, the United States.
“The bigger concern here is we just don’t know,” he said. “Anyone who’s impacted now worries about that as a potential risk. The real message here is that individuals shouldn’t have to worry about that. You should be able to trust your information with organisations like Genea, and expect them to secure that information properly and minimise these risks.”
What can people impacted by the data breach do?
The key thing right now is for people impacted by the Genea hack to be on high alert for scams, particularly those using your anxiety around the hack against you. If you receive an email from ‘Genea’ asking you to click a link to find out more about the breach, double (and triple) check if the email is actually from Genea. Typically you can do this by looking closely at the email address, but another way is to simply skip the link clicking part and call Genea up yourself.
There are companies that offer identity theft services, where they monitor your credit file and alert you each month to any loans taken out in your name. Genea has offered its patients the support of IDCARE — Australia’s national identity and cyber support community — at no extra cost.
You can also go through the painful admin process of changing your key pieces of information, like Medicare cards or phone numbers.
“We are notifying all affected individuals and providing them with clear steps they can take to help protect their personal information. We have also set up a dedicated team to support all affected individuals,” a spokesperson said.
“The protection of our patients, staff and partners’ information is of utmost priority. We apologise for any concern that this incident has caused and will provide patients with relevant updates as we learn more.”
And finally, we wait to hear answers. Genea has said at this stage, there is no evidence financial information like credit card numbers were taken. A small mercy.
Lead photo: Supplied / iStock.
