Update: Unsolicited emails claiming to be from Productivity Commission

Wednesday 10 June 2026 | 1pm AEST

On 9 June 2026, some members of the public received unsolicited emails from a Productivity Commission email address. Some of these emails contained identifying information that the sender implied had been taken from PC records.

As a result of our initial investigation into this issue, we have determined that an external third party is the source of these emails. During our review, we found no evidence that any of the identifying information used in the emails has come from the PC. The PC website does not store personal data in a way that would expose user emails, and many of the affected individuals have had no prior engagement with the PC. 

We now know that a previously undetected vulnerability on the PC website was exploited by the third party to send emails that appeared to originate from a PC email address. This vulnerability has been identified and remediated.

The PC has taken all steps to prevent further unauthorised emails and will continue to safeguard the security of any information that has been shared with the PC in accordance with our Privacy policy.

The PC has reported this incident to the Australian Cyber Security Centre.

We understand that this incident may have been distressing for the people affected. For information on reporting a data breach and protecting your personal information online you can contact the Australian Cyber Security Hotline, at cyber.gov.au or 1300 292 371.

You can also continue to contact us with questions relating to this matter via communications@pc.gov.au