A significant security breach has been exposed within Australia's Department of Parliamentary Services after revelations that an external contractor who accessed a massive trove of parliamentary emails lacked proper security clearance.
Major Security Oversight Revealed
Queensland Liberal National senator James McGrath has launched a scathing attack on the Department of Parliamentary Services following the disclosure that the contractor who conducted an email sweep in 2023 did not hold the required security clearance. The external worker, employed by TransPerfect Legal, extracted at least 100,000 internal emails, including correspondence with parliamentarians, while only holding an Organisational Suitability Assessment for another Commonwealth agency.
In a letter tabled just before Monday morning's Senate estimates hearing, the DPS revealed the security clearance failure. Senator McGrath described the situation as an extraordinary failure of leadership and judgement that compromised the safety and security of everyone working at Parliament House.
Department Backtrack and Contractor Details
The security breach came to light when deputy secretary Nicola Hinder was forced to correct evidence she had provided at an October hearing. Hinder had previously informed the committee that the TransPerfect Legal data forensic expert held an Australian Government Security Vetting Agency Negative Vetting 1 Clearance.
However, the department was formally advised on November 26, 2025 that the individual did not actually possess this clearance. The email extraction occurred under the orders of then deputy secretary Jaala Hinchcliffe, who has since been promoted to department secretary.
The sensitive documents were transferred to HWL Ebsworth, a law firm that government agencies frequently use. This is particularly concerning given that HWL Ebsworth had fallen victim to a massive cyber hack by Russian criminals in the same year the email transfer occurred.
Investigation and Political Fallout
Ms Hinchcliffe told the committee that DPS had received assurances the contractor hired through the approved legal firm had proper security clearance. She expressed disappointment that the department had been provided with incorrect information.
The scale of the data accessed is substantial - approximately 170 gigabytes of data was handed over, which could contain up to 2 million emails based on average plain-text email sizes. Senator McGrath emphasized that in his 11 years in Parliament, he had never witnessed such blatant negligence.
A Senate inquiry has been established to investigate the handling of the documents and the department's policies and procedures. The inquiry is accepting submissions until January 23, 2026, with a report due on March 10, 2026. The department has raised the security breach in the strongest terms with HWL Ebsworth, who have similarly addressed the issue with TransPerfect Legal.
