Asylum seekers, families allegedly threatened after Australian immigration data breach

A compensation claim is being heard after the immigration department published personal information about almost 10,000 people on its website, which was accessed globally

The personal details of nearly 10,000 people seeking asylum in Australia – unlawfully posted online by the Australian government – were accessed by people in foreign countries, including China, Russia, Egypt, and Pakistan, and from masked anonymous locations.

New documents show the information was allegedly used to threaten asylum seekers, and to persecute their families.

The Department of Immigration and Border Protection – now home affairs – was alerted to its massive accidental data breach by a Guardian investigation in February 2014.

A compensation claim on the breach is being heard on Monday morning in the Administrative Appeals Tribunal. The total payout could run to tens of millions of dollars.

The personal information of 9,528 people then held in immigration detention – including full names, citizenships, dates of birth, location and period in immigration detention – was publicly available online on the department’s website for eight days in early 2014. More than 2,500 of them were children.

In January, the office of the Australian information commissioner ordered the Australian government to pay compensation to nearly 1,300 people from that group who mounted a class action against the government, arguing that the exposure of their information could leave them vulnerable to persecution if forced to return to their home countries.

The payout model put forward by lawyers for those affected proposes at least $10,000 in compensation for each person for the impact on their privacy and human rights, with additional payments, possibly more than an additional $25,000, for people acutely affected by their private information being released. The OAIC has proposed a range from $500 to more than $20,000.

Newly available tribunal documents reveal that, while most IP addresses accessing the information were Australian, there was access from at least 11 other countries, including China, Egypt, the Russian Federation, Pakistan, Malaysia, and India. It was also accessed from anonymous locations.

The report, a Microsoft excel document, was directly accessed 123 times by 104 unique IP addresses. It was downloaded at least 26 times, the department says. The report was also available on the internet archive for 16 days: it is not known how many times, and from where, it was accessed there.

According to submissions on behalf of the affected people, the data breach has been used against asylum seekers and, in some cases, led to their families in their home countries being threatened.

In one case, a verdict in a foreign court explicitly referenced the data leaked on the Australian government website as evidence that a person linked to an asylum seeker then in Australia had helped the asylum seeker flee their home country. The person was jailed as a result.

“Multiple class members [asylum seekers] have provided documentary evidence of repercussions against their families upon their protection applications becoming known, after the data breach,’’ documents before the tribunal state.

“The risk of this information being accessed by authorities is now realised, and if they were to attempt to return home they would be at a high risk of being persecuted by authorities, or of having their families persecuted.”

The department sent emails and letters to those people whose privacy had been breached. Not all were able to be reached. Some had left Australia, and at least 172 were not sent notices because they had died, according to the department’s records.

Slater and Gordon, acting for the asylum seekers, said the loss of the personal information was especially damaging for people seeking asylum. “The immense fears flowing from the data breach are well founded,’’ the legal firm said.

“The data breach is a particularly serious one, and the consequences of the breach may yet be particularly harmful.”

Slater and Gordon has argued that the secretary of the department should reconsider applications for protection visas made by class members, but that were refused, in light of the data breach.

“The loss of the confidential nature of the information cannot ever be rectified – on the secretary’s own evidence, it seems that there is no way to know where the information currently is or how far it has (or will) spread; there is no suggestion or sense that the sensitivity of the personal information or the potential risks posed by its disclosure will diminish materially over time (particularly in cases of class members who have left behind relatives or close friends or associates in their former countries),” the firm said.

The department, in documents before the tribunal, said as soon as it was alerted to the data breach by the Guardian, it took steps to remove the document within 45 minutes. It wrote to those affected “to alert them that the inadvertent disclosure of their personal information had occurred and to express the department’s deep regret that it had inadvertently allowed potential unauthorised access to the individuals’ personal information”.

In this correspondence, the department noted that it would assess any implications for the individuals as part of its normal processes, and that individuals could also raise concerns during those processes.


Ben Doherty

The GuardianTramp

Related Content

Article image
Australia returns 20 Sri Lankan asylum seekers after boat intercepted
For the first time in five years, asylum seekers were briefly detained on Christmas Island

Staff and agencies

29, May, 2019 @10:01 PM

Article image
‘Never given a chance’: freed asylum seekers lament lost decade in immigration detention
Advocates hope release of Bangladeshi men is a sign Albanese government is winding back arbitrary detention

Paul Karp

20, Nov, 2022 @2:00 PM

Article image
'We are sitting ducks for Covid 19': asylum seekers write to PM after detainee tested in immigration detention
Doctors are calling on people to be released from immigration detention, saying it could exacerbate the public health crisis

Rebekah Holt and Saba Vasefi

23, Mar, 2020 @9:29 PM

Article image
High court finds asylum seekers affected by data breach treated fairly
Two of the 10,000 asylum seekers whose personal details were disclosed on the immigration department website had their refugee claims fairly assessed, finds court

Paul Farrell

27, Jul, 2016 @3:02 AM

Article image
‘Torturous’: Australian family fights to free refugee held for eight years without charge
Loghman Sawari was 17 when he was placed in a men-only centre on Manus Island. Nearly a decade on, and another child refugee wants to know why he’s still in detention

Ben Doherty

19, Jul, 2021 @5:30 PM

Article image
‘I was squatting’: why asylum seekers so often struggle to find secure housing
Homelessness or threats of eviction are common, a new report has found, while the insecurity can lead some into coercive sexual relationships

Stephanie Convery

11, Dec, 2021 @7:00 PM

Article image
Inside Christmas Island: the Australian detention centre with four asylum seekers and a $26m price tag
The sole occupants of a million-dollar facility off the country’s coast are two adults and two small children, who are paying the price for its war on refugees

Helen Davidson

25, Jan, 2020 @7:00 PM

Article image
More states could help asylum seekers denied welfare by Coalition
NSW only state not prepared to follow Victoria, which announced $600,000 to assist asylum seekers who were cut off income and accommodation support

Helen Davidson

11, Sep, 2017 @9:17 AM

Article image
Coalition used private contractor to collect intelligence on Nauru asylum seekers
Exclusive: asylum seekers in the offshore detention centre who had contact with Australian journalists, lawyers and advocates were closely watched, documents reveal

Christopher Knaus

05, Aug, 2022 @8:00 PM

Article image
Morrison rejects Labor offer on Nauru asylum seekers as 'horse-trading'
Labor proposes amendments to New Zealand resettlement bill it earlier opposed

Katharine Murphy and Helen Davidson

23, Oct, 2018 @5:37 AM