The Department of Immigration and Border Protection will engage KPMG to investigate how a confidential file containing the personal details of asylum seekers held in detention, including their names, country of origin and date of arrival, was exposed to public access through the department's website.
An article published yesterday by The Guardian revealed the security breach.
The file, which The Guardian said contained the details of some 10,000 individuals, was removed from public access before the report was published.
Immigration minister Scott Morrison described it as an "unacceptable incident".
"I am advised the department has ensured all possible channels to access this information are closed, including Google and other search engines," the minister said in a statement.
"It appears the personal information underlying the report cannot be accessed through search engines. This is a serious breach of privacy by the Department of Immigration and Border Protection.
"I have received a brief on this matter and have sought assurances that this will not occur again."
Morrison said he welcomed the decision of the federal privacy commissioner, Timothy Pilgrim, to carry out an investigation into the breach.
The department will provide the Office of the Australian Information Commissioner with a report on the incident, a statement from the privacy commissioner said.
"This information was never intended to be in the public domain," an immigration department spokesperson said yesterday.
Morrison said KPMG is expected to release an interim report next week. "As part of that investigation the department has tasked KPMG to review all data publications and to ensure that proper mechanisms will be in place to make sure it doesn't happen again," the minister said.