The Australian Human Rights Commission (AHRC) disclosed a data breach. Attachments from its online complaint form were inadvertently exposed. Search engines indexed these submitted attachments. The incident occurred between April 3 and April 10, 2025. Complaint attachments uploaded March 24 to April 10, 2025, were affected. Documents for other projects were also publicly accessible. These included anti-racism framework and awards nominations. This breach was not from a malicious external attack.
The data breach exposed various personal information types.
This included names, addresses, emails, and phone numbers. Work details, health information, education, and religion were also exposed. Photographs were among the compromised data. Some exposed attachments contained no personal information. Data in others was already publicly available. Around 670 documents were made potentially accessible. Of these, about 100 documents were accessed online.
This access was often by search engines like Google.
The AHRC has been working to remove the documents. They are trying to get them de-indexed from search engines. The commission is also identifying all impacted individuals. Relevant authorities, including the Office of the Australian Information Commissioner (OAIC), have been notified. All web forms on the AHRC site were disabled. This action prevents further exposure due to misconfigurations. A dedicated taskforce is now investigating the incident. More details about the breach will be provided later.
Individuals confirmed to be impacted will be personally notified. The AHRC has established a helpline to offer support. They advise affected people to watch for scams. Links to mental health support are also provided. This acknowledges the potential distress caused by the exposure. AHRC is an independent body promoting human rights. It investigates discrimination complaints in Australia.
Reference: