Travel agency Flight Centre is under investigation by the country's privacy regulator after accidentally releasing personal information of an undisclosed number of its customers to third-party suppliers.
The firm confirmed last month that "human error" was behind the data breach.
It has not said how many customers were affected, nor what personal information was disclosed, though in a letter to customers it said "passport details" were included in the leak.
The information was mistakenly sent to a "small number of potential third party suppliers for a short period of time", Flight Centre said last month.
The Office of the Australian Information Commissioner on Friday revealed it had opened an investigation into the leak.
"Flight Centre is cooperating with the Office of the Australian Information Commissioner’s inquiries. Once the investigation has concluded a further statement will be published," it said.
It encouraged Flight Centre customers concerned about their privacy to contact the OAIC directly.
Flight Centre has said it acted quickly to contain the information once it became aware of the breach, and was assured by suppliers that they had not retained copies of the data.
It offered to fund a credit report for those affected as well as 12 months of identity protection and credit monitoring. It also said it would reimburse any costs up to December 31 for those who wished to change their passport.