The list, which includes people’s names, dates of birth, addresses and other data, was leaked to the public broadcaster ORF and the daily Der Standard, according to the Austrian Data Protection Authority, which has started a probe.
Matthias Schmidl, the body’s deputy head, told AFP that the probe had just begun so it was too early to tell what had happened and what the consequences could be.
Der Standard reported the former director of HG Lab Truck, a company that carried out PCR tests for the Tyrol government, sent the data attached to an email on August 11 to an IT technician of another company, formerly tasked with data analysis.
The Tyrol government said in a statement that it “implements high security standards for health data”, condemning any leak and warning of legal action “if it is actually true that health data has been passed on to third parties contrary to the agreements”.
The HG Lab Truck ex-director reportedly has denied any fault, saying he was a victim of a hacking attack.
The Alpine province made headlines last year after thousands of international tourists were infected with the coronavirus at its famous ski resorts at the start of the outbreak in Europe.
Tourists have accused local authorities of failing to inform them of the outbreak at the resorts in a timely fashion, as well as a panicked evacuation during which many had to cram onto public transport alongside sneezing and coughing fellow visitors.
Austrian prosecutors investigating the case have not brought any charges.
But the first hearing in one of several lawsuits is scheduled for later this month with a woman, whose husband died after catching the virus, suing Austria over the death.