Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
More than 600 submissions to the AHRC were accidentally disclosed online between early April and May, and personal data may have been compromised.
The Australian Human Rights Commission (AHRC) has revealed that more than 600 submissions and nominations to the commission’s website were accidentally exposed online between April and May 2025.
The AHRC became aware of the breach on 10 April, when it discovered that attachments uploaded to its complaint web form between 24 March and 10 April had been publicly available – and accessed – between 3 April and 10 April.
Then, on 8 May, the AHRC discovered more exposed documents, this time attachments submitted to web forms used for feedback on its Speaking from Experience Project, Human Rights Awards 2023 nominations, and the National Anti-Racism Framework concept paper. These documents were exposed between 3 April and 5 May.
“The commission’s best information is that around 670 documents were made potentially accessible in error,” the AHRC said in a 13 May data breach notification.
“Of these, around 100 documents were accessed online, for example by search engines such as Google or Bing. Many of these documents contain personal information. Some documents contain no personal information, and others contain information that is already publicly available.”
The AHRC said it has “taken action to address the disclosure” and petitioned to have the documents removed from the relevant search engines.
“The disclosure was not the result of a malicious or criminal attack. We will provide updated information as our investigations continue,” the AHRC said.
According to the AHRC’s notification, individuals may be affected if they:
Approximately 670 documents were potentially made accessible, while 100 documents were definitely accessed online via search engines. The potentially impacted data includes “full names, email addresses, residential addresses, mobile numbers, employers and roles, work contact information, personal health information, schooling information, religion and photographs”.
At this point in time, the AHRC is working to confirm how many individuals have been impacted by the inadvertent data breach and is continuing to investigate how it occurred and has disabled all web forms on its website.
“The commission has established a task force to respond to the data breach and has taken immediate steps to prevent any further access to the affected documents,” the AHRC said.
“We have treated this data breach with the highest level of concern and are carrying out a thorough and comprehensive investigation and review of the impacted data, with the support of our experts.”
The Office of the Australian Information Commissioner has been informed regarding the data breach.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
