The Australian Competition and Consumer Commission (ACCC) has said that users that had signed up to its alert services had their emails exposed publicly on the regulator's website.
The email addresses were linked to those who had signed up to receive information alerts from Recalls Australia, Product Safety Australia, SCAMwatch, and the ACCC's Public Registers website, the ACCC said in a statement today.
According to the commission, the emails were made accesssible online, but were not indexed by search engines or lined on the ACCC's website. The ACCC said the only way to access the email lists was if "specific URLs were tried".
The ACCC closed off access to these pages as soon as it became aware of the issue, and it said it had moved to inform the Office of the Australian Information Commissioner. It was not certain how many users were affected.
"It is not yet clear to the ACCC how many users have been affected or how long this has been an issue," the ACCC said.
"The ACCC takes the issue of privacy, including any breaches, very seriously and apologises to affected users."
A spokesperson for the ACCC said that the matter had no relation to the OpenSSL Heartbleed bug.