“Of these, around 100 documents were accessed online, for example by search engines such as Google or Bing. Many of these documents contain personal information. Some documents contain no personal information, and others contain information that is already publicly available.”

VIEW ALL

The AHRC said it has “taken action to address the disclosure” and petitioned to have the documents removed from the relevant search engines.

“The disclosure was not the result of a malicious or criminal attack. We will provide updated information as our investigations continue,” the AHRC said.

According to the AHRC’s notification, individuals may be affected if they:

• Made a complaint that included attachments using the web form on its website between the dates of 24 March and 10 April 2025.
• Made a submission to the Speaking from Experience project using the web form on its website between March and September 2024.
• Made a nomination to the Human Rights Awards 2023 using the web form on its website between 3 July 2023 and 4 September 2023.
• Made a submission to the National Anti-Racism Framework concept paper using the web form on our website between October 2021 and February 2022.

At this point in time, the AHRC is working to confirm how many individuals have been impacted by the inadvertent data breach and is continuing to investigate how it occurred and has disabled all web forms on its website.

“The commission has established a task force to respond to the data breach and has taken immediate steps to prevent any further access to the affected documents,” the AHRC said.

“We have treated this data breach with the highest level of concern and are carrying out a thorough and comprehensive investigation and review of the impacted data, with the support of our experts.”

The Office of the Australian Information Commissioner has been informed regarding the data breach.