Australian Courts Data Breach 2026:
What You Need to Know
VIQ Solutions, a Canadian transcription vendor contracted to handle Australian federal court recordings, subcontracted that work to an Indian firm in violation of Commonwealth contracts. Thousands of sensitive court files, including domestic violence, child abuse and national security matters, were accessed by unvetted overseas staff. The courts themselves were not breached, but the supplier-chain failure has prompted Senate scrutiny.
Your personal risk from this breach
Sign in or create a free account to see your personalised risk score.
What Happened
How the Australian Courts Offshoring Breach Unfolded
August 2025 onwards
VIQ Solutions, the Canadian transcription provider contracted to handle Australian federal court recordings, begins subcontracting work to e24 Technologies (an Indian tech firm) in breach of its Commonwealth contracts. Internal VIQ staff raise concerns about unvetted overseas staff accessing sensitive court data, but management dismisses the concerns.
Late 2025 to February 2026
Concerns escalate. Internal documents indicate thousands of court files were accessed by e24 workers using Indian email addresses. Files include domestic violence proceedings, child abuse cases, and national security matters.
16 February 2026
ABC News breaks the story, reporting that VIQ Solutions had violated its Commonwealth contracts by sending highly sensitive Australian court data offshore. The Federal Circuit and Family Court and the Federal Court are named as affected. Courts in NSW, Victoria, Queensland, Western Australia, and South Australia are within scope.
Affected jurisdictions include matters before the Federal Circuit and Family Court of Australia and the Federal Court of Australia, and state-level courts whose recordings were processed through VIQ.
Late February 2026
Greens senator David Shoebridgedescribes foreign access to state and federal court cases as a “national security risk”. The Attorney-General's Department reviews the VIQ contract; affected courts undertake their own audits.
Sources: ACS Information Age, Cyber News Centre (22 Feb 2026)
What Was Exposed
Court Material Accessed in the Breach
The exposed material consists of court recordings, transcripts, and case content processed through VIQ Solutions during the affected period. Reporting indicates that workers at e24 Technologies accessed files using Indian email addresses, with no Commonwealth security clearance.
| Data Type | Risk Level | Who Was Affected |
|---|---|---|
| Names of parties (complainants, defendants, witnesses) | High | All matters in affected courts during the period |
| Court proceeding records (transcripts, statements) | High | Per affected matters |
| Domestic violence order content | High | DV-related FCFCOA matters |
| Child abuse case content | High | Child-protection FCFCOA matters |
| Witness statements (national security) | High | Federal Court national-security matters |
| Personal addresses and contact details | High | Where included in court records |
| Identifying information about covert agents | High | Per ABC reporting (Federal Court matters) |
Risk levels based on the OAIC: What is personal information? and OAIC Australian Privacy Principles. Court records combine identity-linked data (names, addresses, contact details), sensitive personal information (legal proceedings, family law matters, child protection), and in some cases information protected under the Privacy Act 1988 sensitive information provisions (s 6(1)). For domestic violence, child abuse, and national security matters the risk to affected individuals is significantly elevated above standard PII exposure.
Scope and Containment
The breach affected transcription and recording infrastructure operated by VIQ Solutions. Australian court systems themselves were not breached. The Attorney-General's Department and individual courts have not confirmed that any specific matter has been redistributed publicly, but the offshoring itself constitutes a significant breach of contractual and security obligations.
Company Response
Government and Court Response
“Access to state and federal court cases by foreign entities is a national security risk.”
Actions Taken
- VIQ Solutions contract under review by the Attorney-General's Department
- Federal Circuit and Family Court and Federal Court of Australia undertaking internal audits of materials accessed
- Affected state-level court systems (NSW, Vic, Qld, WA, SA) reviewing their own VIQ contracts
- ABC News investigation prompted Senate scrutiny
- Calls for stronger Commonwealth-contract enforcement on subcontracting and offshoring
What Now?
Steps You Can Take After the Australian Courts Breach
If you were a party, witness, or complainant in a matter heard before an affected court during the period, your record may have been accessed. The combination of names addresses case content and protective order details warrants heightened caution. Below are practical steps grouped by the situations most commonly affected.
If You Were Party to a Court Matter
Review your matter and seek guidance through proper legal channels.
Review your court matter and contact your lawyer
~15 minConsider whether protective or suppression orders may have been compromised
If You Have a Domestic Violence Order or Family Court Matter
Safety first. Confirm protective orders remain in force and watch for unsolicited contact.
Contact a domestic violence support service
~10 minConfirm protective orders remain in force
Watch for unsolicited contact referencing your case
Heightened Vigilance for Identity-Linked Scams
Court records contain identity-linked detail that can be used to impersonate you or your case.
Treat unsolicited "official" contact with high suspicion
Do not engage with anyone claiming to hold your case material
Reporting and Support
Australian resources for identity protection, court guidance, and victim support.
Contact IDCare for tailored guidance
Use official government and victim-support channels
Stay across future data breaches that may affect you
In The Event Of monitors your personal data exposure across major breaches and alerts you the moment new incidents are disclosed.
Are You Still at Risk?
The Hidden Danger: Compound Breach Exposure
This breach did not happen in isolation. If your identity-linked data also appeared in other major Australian breaches, the combination can build a more complete profile for fraud and impersonation.
How breach data compounds
The Australian Courts breach exposed legal record content tied to identifiable individuals. If your data also appeared in Optus, Medibank, or Western Sydney University, the combined profile can include identity documents, health information, university SSO credentials, and court material. Compound exposure significantly increases the risk of identity fraud and targeted impersonation.
- Optus (2022)9.8M records - identity documents
- Medibank (2022)9.7M records - health information
- Western Sydney University (2025)10K records - SSO + identity documents
- Australian Courts (2026)Thousands of files - legal records + DV/child-abuse content
If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.
Stay ahead of future data breaches
Get alerted the moment your data is exposed. Free to start.
Monitor My ExposureNo credit card required.
Frequently Asked Questions
Australian Courts Breach FAQ
Sources
- ACS Information Age: "Indian firm accessed Australian court files"
- Cyber News Centre: Australian court data exposed in major third-party breach (22 Feb 2026)
- Webber Insurance: List of Data Breaches and Cyber Attacks in Australia 2018-2026
- Attorney-General's Department (Australia)
- Federal Court of Australia
- Federal Circuit and Family Court of Australia
- 1800RESPECT (domestic and family violence support)
- OAIC: Notifiable Data Breaches scheme
- OAIC: What is personal information? (Privacy Act 1988 categories)
- OAIC: Australian Privacy Principles
Other Major Australian Data Breaches
Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.
NYC Health + Hospitals Data Breach 2026
~1.8M records exposed
youX Data Breach 2026
~444K records exposed
Prosura Data Breach 2026
300K-500K records exposed
Canvas (Instructure) Data Breach 2026
~275M (claimed) records exposed
Booking.com Data Breach 2026
Undisclosed records exposed
McGraw Hill Data Breach 2026
13.5M records exposed
Crunchyroll Data Breach 2026
Undisclosed records exposed
Eurail Data Breach 2026
300K+ records exposed
Basic-Fit Data Breach 2026
1M records exposed
Under Armour Data Breach 2025
72M records exposed
Salesforce (ShinyHunters) Data Breach 2025
~1B records exposed
Allianz Life Data Breach 2025
2.8M records exposed
Workday Data Breach 2025
Undisclosed records exposed
Western Sydney University Data Breach 2025
10K records exposed
Genea Fertility Data Breach 2025
940K records exposed
DeepSeek Data Breach 2025
1M records exposed
Tangerine Telecom Data Breach 2024
232K records exposed
Australian Clinical Labs Data Breach 2022
223K records exposed
Qantas Data Breach 2025
5.7M records exposed
Optus Data Breach 2022
9.8M records exposed
Medibank Data Breach 2022
9.7M records exposed
Latitude Financial Data Breach 2023
14M records exposed
MyDeal (Woolworths) Data Breach 2022
2.2M records exposed
Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with VIQ Solutions, e24 Technologies, the Australian Government, or any of the affected courts. This guide is based on publicly reported information and is not legal advice. If your court matter may have been affected, contact your lawyer or the court registry directly.