Police have charged a 38-year-old man over a major data breach which saw almost 9,000 sensitive New South Wales court documents accessed earlier this year.

The breach, announced by state officials in March, was believed to have exposed documents such as apprehended violence orders and details of minors held in a website operated by the NSW Department of Communities and Justice (DCJ).

NSW Police said the man was arrested after a search warrant was executed at a home in the beachside suburb of Maroubra in Sydney’s east on Wednesday.

Two laptops were seized, and the man was charged with accessing or modifying restricted data, as well as using a carriage service intending to cause fear or physical or personal harm relating to an outstanding warrant, authorities said.

He was refused bail and was set to appear in Waverley Local Court on Thursday.

A DCJ spokesperson told Information Age the department was "aware" police had charged a man, but would not comment further as the matter was before the court.

Compromise linked to registered user

The breach of the NSW Online Registry Website (ORW), an online portal which provides access to sensitive information from both civil and criminal court cases, was said to have occurred between January and March 2025.

Local detectives as well as state and commonwealth agencies said they had identified the source of the compromise as being “an account linked to a registered user of the ORW”.

In total, 8,769 restricted documents held by the website were accessed between 29 January and 20 March, they said.


Police say two laptops were seized when a search warrant was executed during the man's arrest. Image: NSW Police / Supplied

Cybercrime detectives were allegedly alerted to the breach on 25 March, after unexpected data changes were detected during “routine maintenance”.

The breach was publicly announced two days later on 27 March, when NSW Attorney-General Michael Daley revealed investigators had found “an account holder within the justice link system had gained an unlawful entry into that system” using a malicious Python script.

Potential victims warned to be ‘extra vigilant’

Experts said there was a high possibility sensitive Personal Identifiable Information (PII) was exposed during the ORW breach, which could leave potential victims vulnerable to attacks or exploitation.

NSW officials have warned anyone who believed their information may have been compromised in the breach to be vigilant or contact local police if they had concerns for their safety.

Jacqueline Jayne, a cybersecurity expert with IT services firm SoSafe, said data compromised in the ORW breach “could be used to facilitate sophisticated social engineering attacks”.

"The data could be manipulated to create malicious email messages that looked legitimate, as they may contain information from the breach,” she said in late March.

"Anyone who believes their data may have been involved in the breach must be extra vigilant about all incoming communication — SMS, calls, and emails — until we know more about the exact nature of the data accessed.”