Nova's CEO offered the usual boilerplate
We take privacy, and the security of the information we collect from our listeners very seriously, and on behalf of Nova Entertainment I deeply and sincerely regret that this incident has occurred,
We are fully committed to achieving the best possible outcome for anyone affected by this incident.
[Nova’s investigation is] substantial and ongoing.No doubt truly, deeply and meaningfully.
The CEO is reported as stating
We have notified the Office of the Australian Information Commissioner of this incident, and we are in the process of contacting law enforcement bodies.
We will fully and transparently engage with these entities in relation to this incident.It appears that data collected from Nova's listeners in Australia over a two-year period (May 2009 to October 2011) has been “publicly disclosed”. No specifics, of course, about whether we are talking an absent password, lost unencrypted USB, misplaced laptop or swag of printouts left on top of an overflowing skip.
Nova is in the process of contacting those affected.
The information disclosed may include names, gender, dates of birth, addresses, email addresses, phone numbers, and account details such as user names and passwords.
Nova is encouraging people affected to change their passwords for their email account and all other online accounts using the same email address, username or password, including email, social media and online bank accounts.
Let's hope that we see an OAIC report that has more substance than the usual elliptical 'we talked privately with the data custodian, they assured us they were sorry and promised never ever to let happen again' report in ten lines or so.