Brisbane mum, Nadine*, booked in for a boob job last September because she was suffering from low self-esteem.
The 41-year-old chose to get 365cc implants after being measured as “less than a 10A” cup size.
She posed for half-naked photos at the surgery to document her breast augmentation and now the images – which show her face – could be in the wrong hands.
While scrolling on Facebook, the mum-of-three discovered the cosmetic surgery company she trusted had clients’ confidential information “hacked” on Friday.
It’s claimed naked photos and medical records of hundreds of women from The Cosmetic Institute (TCI) were published online, The Daily Telegraph reports.
Centennial Lawyers principal solicitor, George Newhouse, says cosmetic surgery is a very sensitive and personal issue.
He told Mamamia if details of medical procedures and photographs have been made public the effects can be catastrophic.
“Public disclosure can affect careers, relationships and even a person’s health and welfare. Public exposure of this kind of intimate information can be traumatic and embarrassing,” he said.
Nadine says she was disappointed when she came across TCI's apology online, rather than being contacted directly.
In the Facebook post, TCI said they were "deeply concerned" to learn of the hacking of confidential data and were "very apologetic" to those who have been affected.
“I’ve been involved in a number of data breaches but, according to reports, this is by far the worst because of the sensitive and intimate nature of the information being released,” Professor Newhouse told The Telegraph.
“This data breach contains highly sensitive information and ... naked photos. I’ve never seen anything like it.”
The lawyer says the data, which is said to date back to 2014, could have been viewed by “potentially millions of people”.
Former TCI client, 20-year-old Jessica Clough, old The Daily Telegraph she felt “violated” and “sick to the stomach”.
“It is supposed to be private and confidential information and they have breached our privacy in the worst possible way,” Ms Clough said.
TCI claim their patient database including pre and post-op photos were not accessed.