The Australian Human Rights Commission (AHRC) has confirmed it was impacted by a significant data breach that exposed hundreds of sensitive documents uploaded via its website. The breach involved attachments submitted through the Commission’s online complaint webform between March 24 and April 10, 2025. These documents were inadvertently made publicly accessible and were viewed between April 3 and April 10, 2025.
The Commission says the disclosure was not the result of a cyberattack, but rather a technical error. A taskforce has been established to investigate the breach, and the Office of the Australian Information Commissioner has been notified
Impact
On May 8, the AHRC identified that additional webforms related to key initiatives — including the Speaking from Experience Project, Human Rights Awards 2023 nominations, and the National Anti-Racism Framework concept paper were also affected. The breach could impact individuals who submitted complaints or participated in Commission programs.
The exposed attachments may include sensitive personal information such as:
- Full names, email and residential addresses
- Mobile numbers and workplace details
- Health and schooling information
- Religious affiliations and photographs
Some files contained no personal data or only publicly available information. Approximately 670 documents were made accessible online due to the breach and around 100 of these were accessed, including via search engines like Google and Bing.
Who may be affected
You may be impacted if you:
- Lodged a complaint using the AHRC webform between March 24 – April 10, 2025
- Submitted a story to the Speaking from Experience Project between March – September 2024
- Nominated someone for the Human Rights Awards 2023 via the webform between July 3 – September 4, 2023
- Made a submission to the National Anti-Racism Framework concept paper between October 2021 – February 2022
What’s Next
The Commission is continuing its investigation and has promised to provide further updates as more information becomes available. While the breach was not the result of malicious activity, the exposure of potentially sensitive personal information raises serious privacy concerns.
The Commission has taken steps to secure its systems and is urging anyone who submitted materials through the affected webforms to remain vigilant.
As the investigation unfolds, individuals potentially impacted are encouraged to monitor updates and take precautions to protect their personal information.
Source: hxxps[://]humanrights[.]gov[.]au/our-work/commission-general/data-breach-notification
Follow Cybersecurity88 on X and Linkedin for the latest cybersecurity news
