What happened
In May 2025 the Australian Human Rights Commission disclosed that a web-form misconfiguration had exposed around 670 documents between March and May, roughly 100 of which were accessed via search engines [ahrc-co], [ahrc-cd]. The documents could contain names, contact details and, in some cases, health information, schooling, religion and photographs [ahrc-co].
Current status
Disclosed. It was an accidental exposure, not a malicious attack; the AHRC notified the OAIC [ahrc-co]. No count of affected individuals was published, so none is asserted here.
Why it matters
People bring sensitive personal circumstances to a human-rights body in confidence; an accidental exposure of that material — some of it indexed by search engines — is a serious trust failure even without an attacker.