Services Australia was forced to freeze nationwide printing of pensioner concession cards after a private contractor mistakenly released the personal data of more than a hundred people to the wrong households.
An agency spokesperson confirmed it halted physical card production in late May after it became aware of a "mailing error" by an outsourced contractor, after more than 140 people were sent incorrect cards containing strangers' personal details.
Physical card production resumed across the country on Wednesday, though the agency noted that digital versions of the cards on the MyGov app were unaffected.
Nell Archer, a Tuggeranong resident and registered nurse, said her son Teiva Truesdale received a letter from Centrelink more than a week ago with another woman's pension card attached inside.
"When we first saw it, I thought it had been swapped, but the name [on the card] is nothing like my son's", she said.
"We still don't know where his card is."
After returning the card to its owner in Richardson, Nell discovered the older woman had also received a stranger's card, which she had already returned. A photograph led them to a third address, where another young man confirmed his card was also missing.
Fearing her son and others had been exposed to identity fraud, Nell tried to report the privacy breaches to Services Australia.
She claims she was left on hold for 40 minutes before visiting a service centre where she alleged she experienced "aggressive behaviour" from a frontline service worker.
With her son's replacement pension card still missing, Nell lodged a formal complaint with the Commonwealth Ombudsman on Monday and has contacted a lawyer.
"I think that when somebody's welfare is in the hands of Centrelink, their financial welfare, there are big decisions in their hands and they can't even match two names, it's scary," Nell said.
"I feel like my son's privacy has been violated."
It comes after a sharp increase in privacy breaches reported by the agency. Services Australia notified 88 data incidents to the Office of the Australian Information Commissioner in 2024-25, a 76 per cent increase on the 50 reported in 2022-23.
An audit released last December criticised a lack of internal mechanisms within the agency to actively monitor third-party contractors to ensure privacy breaches were identified in real time.
The agency told Senate estimates recently it had undertaken a "mapping task" to identify where automated processes were resulting in errors in its own systems, after a review found the unlawful cancellation of more than 900 people's JobSeeker payments.
