Australian Court Transcripts Exposed in Offshore Data Breach, Raising National Security Concerns
A major breach of sensitive Australian court files has been uncovered, revealing that foreign actors accessed highly confidential legal transcripts in violation of federal law and Commonwealth contractual obligations. The incident, exposed by an ABC investigation, involves VIQ Solutions, a Canada-based company responsible for transcribing court cases across most Australian jurisdictions.
Key Details of the Breach
- Who: VIQ Solutions, which holds contracts with federal and state courts, subcontracted work to e24 Technologies, a Chennai, India-based firm specializing in automated voice-to-text technology without notifying the courts or complying with contractual restrictions.
- What: Thousands of court files, including those involving domestic violence, child abuse, migration cases, and national security matters, were accessed by e24 staff with Indian email addresses. Internal VIQ documents confirmed the offshore access, while a job ad for e24 sought transcribers proficient in "Australian English" for remote legal transcription work.
- When: Concerns were raised by VIQ’s Australian staff as early as August 2025, but management dismissed them as "rumours" and claimed e24 resources were based in Sydney. The breach appears to have persisted for months, with e24 staff working outside Australian business hours and producing transcripts at speeds suggesting automated or AI-assisted processing later found to contain significant errors.
- Why: VIQ’s subcontracting violated its Commonwealth contract, which prohibits offshoring court data or using AI-based transcription. The Federal Court of Australia, which manages the contract, was unaware of e24’s involvement until the ABC investigation.
National Security and Privacy Risks
The breach has raised alarm over potential exposure of classified information, including:
- ASIO and AFP intelligence shared in closed court proceedings, which could reveal links to international criminal organizations or foreign interference.
- Identities of undercover operatives, protected witnesses, and covert police, risking retaliation or black-market exploitation.
- Locations of protected persons, such as domestic violence survivors, which were allegedly left in transcripts sent to respondents a criminal offense under Australian law.
Greens senator David Shoebridge called the offshore access a "national security risk", stating that sensitive data in the wrong hands could cause "incredible damage" to Australia’s interests. He has demanded an independent audit and the termination of VIQ’s contract, criticizing the Federal Court’s "set and forget" approach to oversight.
Internal Fallout and Whistleblower Accounts
- Staff concerns ignored: Australian VIQ employees and contractors reported the offshore access months ago but were told to stop "spreading rumours." A memo from VIQ management falsely claimed e24 resources were Sydney-based.
- Retaliation fears: At least a dozen senior VIQ staff, including the Quality and Assurance team, were made redundant or resigned since July 2023. Whistleblowers described a culture of fear, with team leaders fired for questioning decisions and contractors forced to perform unpaid quality checks on flawed e24 transcripts.
- Security gaps: While VIQ’s Australian staff undergo national security checks and sign confidentiality deeds, it remains unclear what vetting if any e24 employees underwent.
Official Responses
- VIQ Solutions: CEO Larry Taylor stated that contractors like e24 are required to adhere to the same privacy and confidentiality standards as VIQ employees, with all data stored in Australia under the Privacy Act 1988.
- Federal Court of Australia: Acknowledged that VIQ was prohibited from offshoring data or using AI but was unaware of e24’s involvement. The court is now investigating the compliance breach.
- WA Department of Justice: Confirmed it is investigating claims that protected persons’ locations were exposed in transcripts.
- Attorney-General’s Department: Stated that federal courts are responsible for their own operations.
The incident has reignited debates over privatization of critical legal services, with Senator Shoebridge arguing the contract should be brought back into public hands to prevent future breaches. The Federal Court has yet to announce any disciplinary action against VIQ.
VIQ Solutions TPRM report: https://www.rankiteo.com/company/viq-solutions
Federal Court of Australia TPRM report: https://www.rankiteo.com/company/australian-federal-police
"id": "viqaus1771288252",
"linkid": "viq-solutions, australian-federal-police",
"type": "Breach",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Federal and state courts of '
'Australia, protected persons '
'(e.g., domestic violence '
'survivors, undercover '
'operatives)',
'industry': 'Legal transcription services',
'location': 'Canada',
'name': 'VIQ Solutions',
'type': 'Corporation'},
{'industry': 'Automated voice-to-text technology',
'location': 'Chennai, India',
'name': 'e24 Technologies',
'type': 'Subcontractor'},
{'industry': 'Judiciary',
'location': 'Australia',
'name': 'Federal Court of Australia',
'type': 'Government'},
{'customers_affected': 'General public, legal '
'professionals, law enforcement',
'industry': 'Judiciary',
'location': 'Australia',
'name': 'Australian court systems (state and federal)',
'type': 'Government'}],
'attack_vector': 'Third-party subcontracting violation',
'data_breach': {'file_types_exposed': ['Text transcripts',
'Audio recordings (implied)'],
'number_of_records_exposed': 'Thousands',
'personally_identifiable_information': ['Names of undercover '
'operatives',
'Protected witnesses',
'Domestic violence '
"survivors' locations",
'Migration case '
'details'],
'sensitivity_of_data': 'High (national security, personal '
'safety, legal confidentiality)',
'type_of_data_compromised': ['Legal transcripts',
'Personally identifiable '
'information (PII)',
'Classified intelligence '
'(ASIO/AFP)',
"Protected witnesses' identities",
"Domestic violence survivors' "
'locations']},
'date_detected': '2025-08',
'description': 'A major breach of sensitive Australian court files by foreign '
'actors accessed highly confidential legal transcripts in '
'violation of federal law and Commonwealth contractual '
'obligations. The incident involves VIQ Solutions, a '
'Canada-based company, subcontracting transcription work to '
'e24 Technologies in India without notifying courts or '
'complying with contractual restrictions.',
'impact': {'brand_reputation_impact': 'Severe (national security concerns, '
'legal violations)',
'data_compromised': 'Thousands of court transcripts',
'identity_theft_risk': 'High (undercover operatives, protected '
'witnesses, domestic violence survivors)',
'legal_liabilities': 'Potential violations of Privacy Act 1988, '
'contractual breaches, criminal offenses '
"(exposing protected persons' locations)",
'operational_impact': 'Redundancies, internal distrust, unpaid '
'quality checks on flawed transcripts',
'systems_affected': "VIQ Solutions' transcription and data storage "
'systems'},
'initial_access_broker': {'entry_point': 'Unauthorized subcontracting to e24 '
'Technologies',
'high_value_targets': ['ASIO/AFP intelligence',
'Undercover operatives',
'Protected witnesses']},
'investigation_status': 'Ongoing (Federal Court, WA Department of Justice)',
'lessons_learned': 'Need for stricter third-party vendor oversight, '
'transparency in subcontracting, national security vetting '
'for legal transcription, potential risks of privatizing '
'critical legal services',
'motivation': 'Operational cost reduction (potential financial gain), lack of '
'regulatory enforcement',
'post_incident_analysis': {'corrective_actions': ['Investigations launched by '
'Federal Court and WA '
'Department of Justice',
'Potential contract '
'termination',
'Calls for public ownership '
'of transcription services'],
'root_causes': ['Lack of contractual compliance by '
'VIQ',
'Inadequate oversight by Federal '
'Court',
'Offshoring sensitive data without '
'vetting',
'Use of AI/automated transcription '
'without disclosure']},
'recommendations': ["Independent audit of VIQ's operations",
"Termination of VIQ's contract",
'Bringing transcription services back into public hands',
'Enhanced monitoring of subcontractors',
'Mandatory disclosure of offshore/AI usage in government '
'contracts'],
'references': [{'source': 'ABC Investigation'}],
'regulatory_compliance': {'regulations_violated': ['Privacy Act 1988',
'Commonwealth contractual '
'obligations (prohibition '
'on offshoring/AI use)',
'State laws (e.g., WA '
"protected persons' "
'location exposure)']},
'response': {'communication_strategy': 'VIQ CEO statement on adherence to '
'privacy standards; Federal Court '
'acknowledging investigation',
'remediation_measures': 'Federal Court investigating compliance '
'breach, WA Department of Justice '
'investigating exposed locations'},
'stakeholder_advisories': 'Greens senator David Shoebridge called for '
'contract termination and independent audit; '
"Attorney-General's Department deferred to federal "
'courts',
'threat_actor': 'e24 Technologies (India-based subcontractor)',
'title': 'Australian Court Transcripts Exposed in Offshore Data Breach, '
'Raising National Security Concerns',
'type': 'Data Breach',
'vulnerability_exploited': 'Lack of contractual compliance and oversight, '
'unauthorized offshore access'}