Office of the Migration Agents Registration Authority

Summary

The Office of the Migration Agents Registration Authority (OMARA), part of the Australian Department of Home Affairs, disclosed an accidental data breach on 6 May 2025. A misconfiguration in the OMARA Portal's search function allowed certain internal documents relating to six registered migration agents to be accessible for viewing and downloading between 5 and 6 May 2025.

What Happened

On 5 May 2025, a misconfiguration in the OMARA Portal's search function inadvertently made internal documents accessible to public users. When users searched for a registered migration agent's name, certain internal documents became available to view and download. OMARA became aware of the issue on 6 May 2025 and immediately shut down the OMARA Portal. The breach affected six registered migration agents and occurred over a 24-hour period.

Impact on Individuals

Six registered migration agents had their internal documents exposed. The accessible information included agent full names, migration agent registration numbers, related business contacts, and internal commentary that OMARA collects regarding the agents as part of its regulatory functions. All six affected individuals were contacted and offered support.

Organisational Response

OMARA immediately shut down the Portal upon discovering the issue on 6 May 2025. Departmental experts conducted an investigation that concluded the data breach was a small and isolated event not resulting from malicious or criminal attack. OMARA reported the matter to the Office of the Australian Information Commissioner, contacted all affected individuals to offer support, and restored the Portal to normal operation after resolving the misconfiguration.