Australian Migration Authority leaks internal agent data via Website search function

The Australian Department of Home Affairs' Office of the Migration Agents Registration Authority (OMARA) is reporting an accidental data leak that exposed information about six registered migration agents through a misconfigured website search function. 

The incident occurred between May 5 and 6, 2025, when users searching for registered migration agent names in the OMARA Portal could access and download certain internal documents that should have remained confidential.

OMARA became aware of the breach on May 6, 2025 and immediately shut down the portal and initiated an investigation. The breach was caused by a configuration error in the portal's search functionality that inadvertently made internal documents accessible to public users.

The exposed data included:

• Agent full names
• Migration Agent Registration Numbers
• Related business contacts
• Internal commentary collected by OMARA regarding the agents as part of normal regulatory functions

The incident affected six individuals during the exposure window. OMARA stated that it cannot definitively confirm whether documents relating to other agents may have been accessed incorrectly during this period.

The organization has restored the portal to normal operation with appropriate security measures in place. All six affected individuals have been contacted directly and offered support services. OMARA has reported the matter to the Office of the Australian Information Commissioner.