The Office of the Australian Information Commissioner (OAIC) is urging those impacted by the Immigration department's 2014 data breach to contact the office as part of its determination over whether to award compensation.
The 2014 data breach saw the personal details of 9258 asylum seekers exposed online.
The database included full names, nationalities, dates of birth, gender, and boat arrival dates of all individuals held on Christmas Island and in a mainland detention facility.
Immigration staff had copied charts and tables directly from a Microsoft Excel spreadsheet, resulting in the underlying data being embedded in the final Word version of the document.
The data was accessible on the Immigration website for nine days, and cached on an archived search engine for around two weeks.
Privacy commissioner Timothy Pilgrim later that year found Immigration had breached its obligations under the nation's Privacy Act.
As at last July Immigration had spent almost $1 million in legal fees as a result of the breach.
But it warned at the time that costs were expected to rise as a result of privacy complaints and a number of lawsuits from asylum seekers who claimed to be more vulnerable to persecution in their home countries because of the breach.
A group complaint on behalf of affected individuals was made to the OAIC in August 2015.
As part of its investigation into the collective complaint, the OAIC today urged victims to contact the office and provide information about any loss or damage they had suffered as a result of the breach.
"The commissioner is preparing to make a determination on this matter ... in which he will consider whether a remedy, including any compensation, should be awarded to any individual group member who has suffered loss or damage as a result of the data breach," the OAIC's notice reads.
Information provided to the OAIC should include anything the individual considers to be "relevant to the loss or damage you suffered". This could include a statutory declaration or signed statement.
"You may also include any evidence you have from the time of the data breach, or when you first found out about the data breach, (such as medical reports) that contain details about how you reacted to the data breach, and any treatment you received as a result of the data breach's impact on you," the OAIC said.
Victims have until April 19 to contact the office.
The OAIC did not indicate when it expected to make a decision on any potential compensation.