Kate Bevan, Which? Computing editor, said:
“This data breach is not only potentially high impact for those affected but could also dent public confidence in vital safety measures to help combat the Covid-19 pandemic.
“Health data involves sensitive information which mustn’t get into the wrong hands, and merits specific protection under the GDPR, so it is disappointing that Public Health Wales has failed in its duty to protect people.
“For anyone concerned they could be affected, it’s important to be wary of suspicious emails or fake ‘support’ popping up on social media regarding the breach, as scammers may try to take advantage of it.”