The Australian Human Rights Commission (AHRC) has disclosed a data breach resulting from the inadvertent exposure of attachments submitted through its online complaint form, which were indexed by search engines.
The incident occurred between April 3 and April 10, says the independent third-party organization investigating discrimination and human rights breach complaints.
“We understand that this affected complaint attachments uploaded to the Commission’s online complaint webform between 24 March 2025 and 10 April 2025. We understand that these documents were made publicly available and accessed between 3 April 2025 and 10 April 2025,” AHRC says.
Attachments uploaded for the commission’s National Anti-Racism Framework concept paper, for the Speaking from Experience Project, and Human Rights Awards 2023 nominations were also affected.
“We understand that these documents were made publicly available and accessed between 3 April 2025 and 5 May 2025,” AHRC says.
The data breach led to the exposure of personal information such as names, addresses, email addresses, phone numbers, work contact information, employers and roles, health information, education and religion information, and photographs.
According to the commission, some of the attachments submitted through the online form contain no personal information, while the information in others is already publicly available.
The incident impacts individuals who used its website to submit a complaint attachment between March 24 and April 10, make a nomination to the Human Rights Awards 2023 between July 3, 2023 and September 4, 2023, or make a concept paper submission between October 2021 and February 2022.
AHRC identified three attachments that were submitted through the online form for the Speaking from Experience project that were exposed publicly and accessed online, and notified all the impacted individuals. Those who did not receive a notification were not impacted.
“The Commission’s best information is that around 670 documents were made potentially accessible in error. Of these, around 100 documents were accessed online, for example by search engines such as Google or Bing,” the organization notes.
AHRC says it has been working on having the documents removed from search engines and on identifying all the impacted individuals. It also notified the relevant authorities about the data breach.
Related: 437,000 Impacted by Ascension Health Data Breach
Related: 160,000 Impacted by Valsoft Data Breach
Related: 4 Million Affected by VeriSource Data Breach
Related: African Telecom Giant MTN Group Discloses Data Breach
