Federal Court Data Breach Exposes Sensitive Litigant Files in Offshore Security Failure
A significant data breach involving Australian court records has exposed the personal and sensitive information of litigants in at least 146 cases, prompting a formal complaint to Canada’s privacy commissioner. The breach, linked to transcription service provider VIQ Solutions, has raised national security concerns after it was revealed that highly confidential court files were accessed offshore likely in India in violation of Commonwealth contractual obligations and privacy laws.
The incident came to light following an ABC investigation in February, which uncovered that VIQ had subcontracted work to e24 Technologies, a Chennai-based firm specializing in automated transcription, without notifying the courts. The breach was first publicly acknowledged by VIQ in a March 16 press release, after the company entered voluntary administration under McGrathNicol, just weeks after the offshore access was exposed.
Scope and Impact of the Breach
- Affected Cases: At least 136 Family Court matters and 10 Federal Court cases were transcribed offshore without authorization. The total number of impacted cases across other jurisdictions including Queensland, New South Wales, Victoria, Western Australia, and the South Australian Employment Tribunal remains unclear.
- Unverified Claims: Federal Circuit and Family Court CEO David Pringle told Senate estimates that VIQ had provided inconsistent figures, initially citing 170 affected files before revising the number to 136. However, the courts have been unable to verify these claims, as VIQ has repeatedly failed to provide detailed reports despite multiple requests.
- Lack of Notification: None of the affected litigants have been informed of the breach, with Pringle stating that disclosure could cause "distress" a decision criticized by Greens Senator David Shoebridge, who called the handling of the incident an "unravelling scandal."
Contractual Failures and Financial Irregularities
Despite the breach and VIQ’s administration, the Federal Court quietly extended its contract with the company by $5.3 million, with the amendment only appearing on the Australian Tenders website on June 24 nearly two years after the original contract expired. Federal Court representative Cara Lawson described the oversight as an "administrative error", admitting that the tender listing had incorrect details, including the wrong start date, supplier name, and contract amount.
Senator Shoebridge condemned the lack of transparency, particularly after the court awarded a separate $451,000 contract to Nous Group for transcription program management also listed just before the estimates hearing. He questioned the court’s competence in managing the crisis, stating that officials had failed to ask "the right questions" as the privatization of transcription services collapsed.
Breakdown in Oversight and Response
- Communication Failures: Pringle revealed that VIQ’s Canadian parent company cut off its Australian arm without warning, leaving courts scrambling to maintain services. The company also threatened to withdraw support, forcing emergency contingency measures.
- Government Involvement: The Attorney-General’s Department confirmed it had notified the Australian Cyber Security Centre (ACSC) upon learning of the breach.
- Ongoing Issues: Legal practitioners had previously raised concerns about erroneous transcripts, missing dialogue, and delays problems that have persisted amid VIQ’s administration.
The breach underscores systemic vulnerabilities in the outsourcing of sensitive judicial services, with critics arguing that privatization has outpaced oversight. As the fallout continues, the full extent of the exposure and the long-term consequences for affected litigants remains unresolved.
Source: https://www.abc.net.au/news/2026-05-27/viq-solutions-privacy-breach-contract-extension/106722674
Western Reserve Area Agency on Aging cybersecurity rating report: https://www.rankiteo.com/company/western-reserve-area-agency-on-aging
Australian Federal Police cybersecurity rating report: https://www.rankiteo.com/company/australian-federal-police
Department of Justice QLD cybersecurity rating report: https://www.rankiteo.com/company/department-of-justice-and-attorney-general-qld
VIQ Solutions cybersecurity rating report: https://www.rankiteo.com/company/viq-solutions
Court Services Victoria cybersecurity rating report: https://www.rankiteo.com/company/court-services-victoria
"id": "WESAUSDEPVIQCOU1779842049",
"linkid": "western-reserve-area-agency-on-aging, australian-federal-police, department-of-justice-and-attorney-general-qld, viq-solutions, court-services-victoria",
"type": "Breach",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '146+ cases (136 Family Court, '
'10 Federal Court)',
'industry': 'Legal Services',
'location': 'Australia (subcontracted to India)',
'name': 'VIQ Solutions',
'type': 'Transcription service provider'},
{'customers_affected': 'Litigants in 10+ cases',
'industry': 'Judiciary',
'location': 'Australia',
'name': 'Federal Court of Australia',
'type': 'Government Judicial Body'},
{'customers_affected': 'Litigants in 136+ cases',
'industry': 'Judiciary',
'location': 'Australia',
'name': 'Family Court of Australia',
'type': 'Government Judicial Body'},
{'industry': 'Legal Services',
'location': 'Chennai, India',
'name': 'e24 Technologies',
'type': 'Subcontracted transcription service provider'},
{'industry': 'Judiciary',
'location': 'Australia',
'name': 'Queensland Courts',
'type': 'Government Judicial Body'},
{'industry': 'Judiciary',
'location': 'Australia',
'name': 'New South Wales Courts',
'type': 'Government Judicial Body'},
{'industry': 'Judiciary',
'location': 'Australia',
'name': 'Victoria Courts',
'type': 'Government Judicial Body'},
{'industry': 'Judiciary',
'location': 'Australia',
'name': 'Western Australia Courts',
'type': 'Government Judicial Body'},
{'industry': 'Judiciary',
'location': 'Australia',
'name': 'South Australian Employment Tribunal',
'type': 'Government Judicial Body'}],
'attack_vector': 'Third-party subcontracting without authorization',
'customer_advisories': 'None issued to affected litigants; decision made to '
'avoid causing distress.',
'data_breach': {'data_exfiltration': 'Likely (offshore access in India)',
'number_of_records_exposed': '146+ cases',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (national security concerns, '
'personally identifiable information)',
'type_of_data_compromised': ['Personal information',
'Sensitive court files',
'Confidential litigation '
'details']},
'date_detected': '2024-02-01',
'date_publicly_disclosed': '2024-03-16',
'description': 'A significant data breach involving Australian court records '
'exposed the personal and sensitive information of litigants '
'in at least 146 cases. The breach, linked to transcription '
'service provider VIQ Solutions, involved unauthorized '
'offshore access in India, violating Commonwealth contractual '
'obligations and privacy laws. The incident was uncovered by '
'an ABC investigation and later acknowledged by VIQ in a press '
'release after entering voluntary administration.',
'impact': {'brand_reputation_impact': 'Significant reputational damage to '
'Australian courts and VIQ Solutions',
'data_compromised': 'Personal and sensitive information of '
'litigants, confidential court files',
'downtime': 'Ongoing disruptions in transcription services',
'financial_loss': '$5.3 million (contract extension) + $451,000 '
'(additional contract)',
'identity_theft_risk': 'High (exposure of personally identifiable '
'information)',
'legal_liabilities': 'Potential violations of privacy laws, '
'contractual breaches',
'operational_impact': 'Erroneous transcripts, missing dialogue, '
'delays in court proceedings',
'systems_affected': 'Transcription services for Australian courts'},
'investigation_status': 'Ongoing (VIQ Solutions in voluntary administration; '
'full extent of breach unclear)',
'lessons_learned': 'Systemic vulnerabilities in outsourcing sensitive '
'judicial services; lack of oversight in privatization; '
'need for stricter contractual compliance and '
'transparency.',
'post_incident_analysis': {'corrective_actions': ['Review of outsourcing '
'policies for sensitive '
'judicial services',
'Stricter enforcement of '
'contractual obligations',
'Improved incident response '
'and communication '
'strategies'],
'root_causes': ['Unauthorized subcontracting to '
'offshore provider (e24 '
'Technologies)',
'Lack of oversight and contractual '
'compliance',
'Failure to notify affected '
'parties or courts',
'Administrative errors in contract '
'management',
'Breakdown in communication with '
'third-party provider']},
'recommendations': ['Improve oversight of third-party subcontractors',
'Enforce stricter contractual obligations for data '
'handling',
'Enhance transparency and communication with affected '
'parties',
'Review and strengthen incident response protocols',
'Avoid further privatization of critical judicial '
'services without robust safeguards'],
'references': [{'date_accessed': '2024-02-01', 'source': 'ABC Investigation'},
{'date_accessed': '2024-03-16',
'source': 'VIQ Solutions Press Release'},
{'date_accessed': '2024-06-24',
'source': 'Australian Tenders Website'},
{'source': 'Senate Estimates Hearing'}],
'regulatory_compliance': {'legal_actions': 'Formal complaint to Canada’s '
'privacy commissioner',
'regulations_violated': ['Commonwealth contractual '
'obligations',
'Privacy laws'],
'regulatory_notifications': 'Notification to '
'Australian Cyber '
'Security Centre '
'(ACSC)'},
'response': {'communication_strategy': 'Lack of direct notification to '
'affected litigants; public disclosure '
'via press release and Senate '
'estimates',
'law_enforcement_notified': 'Australian Cyber Security Centre '
'(ACSC) notified by '
'Attorney-General’s Department',
'recovery_measures': 'Emergency contingency measures to maintain '
'transcription services',
'third_party_assistance': 'Nous Group ($451,000 contract for '
'transcription program management)'},
'stakeholder_advisories': 'Criticism from Greens Senator David Shoebridge '
'regarding lack of transparency and competence in '
'handling the crisis.',
'title': 'Federal Court Data Breach Exposes Sensitive Litigant Files in '
'Offshore Security Failure',
'type': 'Data Breach',
'vulnerability_exploited': 'Lack of oversight in outsourcing, contractual '
'violations'}