A defence agency emailed the personal details of almost 2500 former military personnel to hundreds of people, even though its software had warned it not to.
The Defence Community Organisation, which helps families that are struggling to adjust to military life, has since acknowledged the error was a ''serious breach of privacy and … also a breach of trust''.
Last month, one of its new employees accidentally attached the database to a survey, which was then sent to about 400 people who had recently left the Australian Defence Force.
The computer initially blocked the email, warning that it contained an ''unauthorised security clearance''. However, after seeking advice, the employee was then told to ''just send the email again''.
The organisation's manager of critical incidents, Major Glyn Lofthouse, who conducted the initial assessment of the incident, recommended a formal investigation.
He said the email contained personal information of more than 2400 former personnel, ''including members who were now deceased''.
The Defence Department said last night it was ''treating this matter with the utmost seriousness''.
''An external consultant is undertaking a formal investigation and Defence has conducted an immediate review of its processes and procedures pending the outcome of this investigation,'' a spokesman said. ''Staff members involved in the incident have been counselled and staff have been directed to undertake privacy training.''
The database included each former ADF member's name, ID number, unit name, date and reason for leaving the service and personal email address.
The Defence Force Welfare Association's national president, David Jamison, said yesterday he was very concerned by the breach.
''You'd potentially be opening up these people to all sorts of influences and exposure.''
The association was also currently lobbying the government to prevent the disclosure of military staff's personal details under the Archives Act's 20-year rule.
''We've been having a dialogue with the Defence Minister about this issue, which is upsetting many members, because they aren't told when their file is accessed and they're not allowed to know who's accessing it.''
This reporter is on Twitter: @MarkusMannheim