The National Disability Insurance Agency (NDIA) says some people caught up in a data breach last November were under 18 at the time, and the agency has been unable to get in contact with them.
The agency made the admission in a new statement about the breach, its first update since November 2023.
An employee of the agency was charged with accessing and leaking 11,000 “records” to a provider in the national disability insurance scheme (NDIS).
NDIA said there are “active prosecutions” in progress “against those allegedly responsible”.
It also said it was obliged to contact individuals potentially impacted by the breach but had not managed to do so for an undisclosed number of people.
“The agency has worked to do this, but has been unable to contact some individuals who, at the time of their or their nominee’s engagement with the scheme, were under the age of 18,” it said in the statement.
“These individuals are not NDIS participants, but may be either a former participant, related to a current NDIS participant or someone who had previously applied for access to the scheme.
“The NDIA recognises that this news may be distressing and concerning for participants, families, carers and supporters.
“We sincerely apologise for this.”
NDIA said there was a need for vigilance among the affected cohorts, including ensuring multi-factor authentication is used for online accounts.