The Australian Human Rights Commission (AHRC) has disclosed a data breach caused by a technical misconfiguration, leading to the unintended public exposure of sensitive documents. Approximately 670 documents were potentially accessible online, with around 100 accessed by search engines like Google and Bing.
Affected: Australian Human Rights Commission
Affected: Australian Human Rights Commission
Keypoints
- The breach resulted from a technical misconfiguration, not malicious activity.
- Documents uploaded through various webforms were temporarily accessible online, including by search engines.
- Approximately 670 documents were affected, with about 100 accessed publicly.
- The breach was initially discovered on April 10, 2025, affecting documents from April 3 to April 10, 2025.
- The exposure extended beyond complaint forms to other projects, including the Speaking from Experience Project and Human Rights Awards nominations.
- Some documents contained personal and sensitive information, while others had non-personal data.
- The AHRC is working to identify and notify affected individuals and has taken measures to prevent further exposure.