The Australian Human Rights Commission (AHRC) has announced a significant data breach that inadvertently exposed sensitive personal information of individuals who submitted complaints through its online portal. The breach was discovered on April 10, following an internal error that allowed the unauthorized disclosure of attachments uploaded via the commission’s complaint form.
According to the AHRC, the data leakage occurred for complaints filed between March 24 and April 10, with the documents made publicly accessible from April 3 until April 10. In a subsequent revelation on May 8, the commission stated that additional attachments linked to its Speaking from Experience Project, nominations for the Human Rights Awards 2023, and documents related to the National Anti-Racism Framework were also compromised. These materials were available to the public between April 3 and May 5.
Approximately 670 documents were made publicly accessible in error, containing a wide array of personal details. This includes full names, email addresses, residential addresses, phone numbers, and even health information, potentially posing risks to those affected. The AHRC clarified that the disclosure was not caused by any malicious or criminal intent; however, the sensitive nature of the information is concerning given the potential for misuse in social engineering attacks.
The commission has formed a task force to investigate the breach and will review the scope of the incident to ascertain the extent of its impact. It has promptly notified the Office of the Australian Information Commissioner (OAIC) and suspended all online web forms temporarily. For those who believe they have been impacted by the data breach, the AHRC urges them to reach out via [email protected].
Amidst these developments, the commission has advised users to remain vigilant regarding their online accounts and be cautious of any unusual or suspicious activities. Furthermore, they are encouraged to monitor for scams and malicious links that may exploit the leaked information. For additional information on data breach responses, users can explore further insights on scam vigilance and malicious links.