This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Department of Foreign Affairs and Trade - Stranded Australians

The Department of Foreign Affairs and Trade (DFAT) unintentionally revealed private email addresses of Australians stranded overseas during the COVID-19 pandemic when sending group correspondence about repatriation flights.

What Happened

DFAT inadvertently exposed email addresses of stranded Australians when sending communications about government-facilitated repatriation flights. Instead of using blind carbon copy (BCC) to protect privacy, emails were sent in a manner that revealed all recipients' email addresses to each other.

The error occurred during the stressful early period of the COVID-19 pandemic when tens of thousands of Australians were stranded overseas due to border closures and dramatically reduced international flight availability.

Impact on Individuals

Affected individuals had their email addresses exposed to other stranded Australians. While the sensitivity of the data itself was low, the context was concerning—revealing to strangers that specific individuals were stranded overseas and seeking government assistance. This could potentially enable targeting or scams.

Organisational Response

DFAT acknowledged the error and apologised to affected individuals. The department reviewed email distribution procedures to prevent similar incidents. The breach highlighted the challenges government agencies faced in rapidly scaling up communication systems during the pandemic emergency response.

Verification Source: View original statement