Australian Court Files Exposed via Third-Party Offshoring Breach

Canadian transcription firm VIQ Solutions disclosed a major breach affecting Australian court records after subcontracting sensitive government work to an Indian company in direct violation of its Commonwealth contracts. The breach exposed thousands of confidential legal documents, including cases involving domestic violence, child abuse, and national security matters.

What Was Exposed

Documents from multiple Australian courts were accessed by e24 Technologies, an India-based firm that VIQ used to process transcription work despite contractual prohibitions against offshoring government data.

Affected courts include:

• Federal Circuit and Family Court — handles domestic violence and child abuse cases
• Federal Court of Australia — hears national security and major corporate litigation
• State courts across NSW, Victoria, Queensland, WA, and SA

The breach potentially compromised evidence from sensitive investigations by ASIO (Australia's domestic intelligence agency) and the Australian Federal Police. Family court cases are particularly concerning given they contain identifying information about domestic abuse survivors and their children.

How It Happened

ABC News broke the story on February 16, 2026, revealing that VIQ staff had raised concerns about data offshoring as early as August 2025. Management reportedly dismissed those warnings.

Internal documents obtained by journalists showed e24 employees with Indian email addresses accessing court files—a clear violation of VIQ's Australian government contracts, which mandate that sensitive data remain onshore.

VIQ issued a press release on February 20 acknowledging "data privacy incidents" and stating it had engaged a cybersecurity firm to investigate. The company noted the incident is "reasonably likely to have a material impact" on its financial condition.

National Security Implications

Senator David Shoebridge, who received information from multiple whistleblowers, characterized the breach as a national security risk.

"This is one of the most significant breaches of sensitive government information I've seen," Shoebridge said. "We're talking about potential exposure of witnesses, covert officers, and vulnerable families."

The senator's concern isn't unfounded. Court transcriptions in national security matters can contain details about intelligence sources, ongoing investigations, and protected witnesses. In family court cases, perpetrators of domestic violence have used exposed information to locate victims who have fled.

This pattern of third-party compromise echoes what we documented in the FICOBA database breach in France, where compromised government credentials led to unauthorized access of sensitive financial records. Both incidents highlight how trusted access mechanisms become single points of failure.

Supply Chain Risk in Government Services

VIQ Solutions holds contracts with government agencies across Australia, the UK, and North America. The company provides transcription services for courts, law enforcement, and healthcare organizations—all sectors handling sensitive personal information.

The breach exposes a persistent problem: governments often lack visibility into how contractors manage subcontracting relationships. Even with explicit contractual prohibitions, enforcement depends on contractors self-reporting compliance.

For organizations managing sensitive data through third parties, this case reinforces the need for continuous monitoring, not just contractual language. The Victorian education data breach similarly stemmed from supply chain failures that contract terms alone couldn't prevent.

What Happens Next

VIQ's Australian operations represent significant revenue for the company. Regulatory consequences could include:

• Contract termination with Commonwealth agencies
• Potential penalties under Australian privacy law
• Civil liability to affected individuals
• Reputational damage affecting other government clients

The Australian Information Commissioner has been notified. Federal agencies are reviewing their contracts with VIQ Solutions while the investigation continues.

Recommendations for Affected Individuals

If you've been involved in proceedings before Australian federal or state courts:

1. Be alert for unsolicited contact referencing court proceedings
2. Report suspicious communications to relevant authorities
3. Consider whether protective measures like identity monitoring are warranted
4. Contact the court registry if you have specific concerns about your case

For organizations working with third-party processors of sensitive data, this breach is a reminder that contractual terms are necessary but not sufficient. Technical controls, ongoing audits, and whistleblower channels all play roles in catching violations before they become breaches. For more on protecting sensitive information, see our data breach prevention guide.