🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇦🇺 AU › Government
Government sector · leaderboard
Own the Government leaderboard
The top banner across the Government overview and every Government record — one advertiser, exclusively.
Own this leaderboard → breach@govern.co.nz

National Disability Insurance Agency

🇦🇺 Australia · National Disability Insurance Agency (NDIA) · Record AU-2023-1129
○ Reported — awaiting official confirmation
Reported — awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
Not disclosed
Breach date
2023-11
Regulator
AFP (charges and sentencing); NDIS Quality and Safeguards Commission
Trust tier
B · Reported

Data exposed

Full name, date of birth, gender and address/postcode of NDIS participants (some of whom were minors at the time) Company-confirmed

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In November 2023 the National Disability Insurance Agency disclosed an insider breach in which a staff member, financially motivated, accessed and leaked participants’ personal details — names, dates of birth, gender and addresses [ndia-co], [ndia-itnews]. The AFP charged the former staffer, who was later sentenced [ndia-itnews], [ndia-co]. This is distinct from the June 2023 HWL Ebsworth breach.

Current status

Resolved through prosecution. The exact number of participants affected was not published, so none is asserted here.

Why it matters

Disability-scheme records are highly sensitive, and an insider misusing legitimate access is a distinct threat from an external hack — controls have to guard against both.

GGOVERN Tabletop Exercises · Govern house Brief the minister with a decision you’ve already rehearsed. Book a Discovery Call →