The Department of Immigration and Border Protection (DIPB) has admitted to inadvertently leaking the personal details of close to 10,000 asylum seekers housed in Australia via its website.
News of the leak was broken today by The Guardian, which reported the database contained full names, nationalities and boat arrival dates and information of all individuals held on a mainland detention facility and on Christmas Island.
In a statement the DIPB confirmed the data breach and said it has taken the information offline.
“The department acknowledges that the file was vulnerable to unauthorised access," a spokesperson said.
“The file has been removed and the department is investigating how this occurred to ensure that it does not happen again.
“This information was never intended to be in the public domain."
The department did not clarify whether the data was accessed by other sources. Immigration minister Scott Morrison said all channels to access the data had been closed and it had not been cached by search engines.
The data involved in the breach equates to a third of all asylum seekers housed in Australia, according to The Guardian.
Opposition immigration spokesman Richard Marles said the leak appeared to be "one of the most significant breaches of privacy in Australia's history" and called it "ineptitude of the greatest degree".
"This is a government with a culture of secrecy but it is utterly unable to manage secrecy," Marles said.
"This is a government which refuses to put information into the public domain which should be in the public domain, but which [takes] private information which should be nowhere near the public domain, [and] makes it public.
"We need to understand how this happened, and there are serious questions that need to be answered by the government in relation to this."
Greens Senator Sarah Hanson-Young said the breach made a "mockery" of Prime Minister Tony Abbott's "obsession with secrecy".
"[Immigration minister Scott Morrison] needs to clarify how this occurred, how he will stop it from happening again and how he will ensure the the thousands of asylum seekers whose lives have been put at risk will now be protected because of this huge security breach," she said.
The Privacy Commissioner has announced it will investigate the breach, while the Immigration department said it has engaged KPMG to review and report on how it occured.
Click through for the security industry's analysis of the incident
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
