This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

ACT Government

Summary

The ACT Government accidentally published a spreadsheet containing sensitive health and personal information from nearly 30,000 workers' compensation claims spanning a decade. The data included medical diagnoses, injury details, and personal information of public sector employees who had made workplace injury claims.

What Happened

In November 2021, the ACT Government inadvertently published a spreadsheet on its website containing detailed workers' compensation data for claims lodged between 2011 and 2021. The spreadsheet was meant to contain anonymised, aggregated data but instead included sensitive personal and health information.

The exposed spreadsheet contained approximately 30,000 rows of data with information about individual workers' compensation claims, including specific injury types, medical conditions, and treatment details. The data breach was discovered when it was brought to the attention of the government and privacy advocates.

The incident was categorised as human error - the wrong version of a document was published to the government website. The file remained publicly accessible until the error was identified and the document was removed.

Impact on Individuals

The breach exposed highly sensitive information about ACT public sector workers who had made workers' compensation claims:

  • Medical information: Diagnoses, injury descriptions, treatment received
  • Personal details: Names, dates of birth, contact information, addresses
  • Employment information: Workplace, nature of work-related injury or illness
  • Claim details: Compensation amounts, claim outcomes

This information could lead to:

  • Workplace discrimination: Employers or colleagues could access details about health conditions
  • Privacy violation: Sensitive medical information exposed without consent
  • Stigmatisation: Mental health conditions and workplace injuries revealed publicly

The United Firefighters' Union and the opposition called for independent investigations into the breach and urged affected individuals to lodge complaints with the privacy watchdog.

Organisational Response

Once the error was identified, the ACT Government immediately removed the spreadsheet from its website. The government acknowledged the breach and worked to notify affected individuals.

The Canberra Liberals called for an external review into the data breach, while the United Firefighters' Union referred the matter to the privacy watchdog. The incident prompted calls for independent investigation into how such sensitive data could be accidentally published and what safeguards failed.

The ACT Government committed to reviewing its data handling and publication processes to prevent similar incidents.

Verification Source: View original statement