Asylum seekers facing removal from Australia are being given just two weeks to provide details about how a major data breach that exposed their personal details will affect their protection claims.



The Immigration Department has begun distributing letters to asylum seekers who do not hold a visa and are “liable for removal” from Australia to provide written information about their concerns over the breach within 14 days.



The letter says that if no response is received within 14 days “you will be expected to depart Australia and removal planning will be progressed”.



“Any concerns you have will be considered in addition to any other information you have already provided to the department. If you have any concerns about the impact of the data breach on your ability to return to your home country or country of usual residence, you should give specific reasons as to why you cannot return,” the letter says.



In February Guardian Australia revealed the department had inadvertently published the personal details of almost 10,000 people in detention – including their names, dates of birth, country of origin – in a file publicly available on the department’s website.



The breach raised serious concerns that asylum seekers may be persecuted if they are returned to their country of origin because authorities there may now be aware they had sought asylum in Australia. The breach sparked a wave of legal actions in the federal circuit court.

Guardian Australia understands the letter has been sent to asylum seekers who have been “screened out”, which means they cannot be assessed to be a refugee. The letter has also been sent to asylum seekers who are already facing removal.



The screening procedure involves a brief initial interview when asylum seekers arrive in Australia and has been condemned by a former immigration department officer, Greg Lake, who said he would not be surprised if genuine refugees had been rejected as a result of the process.



It is unclear how any additional information will be considered by the department. Guardian Australia has sought comment from the department about the reviews.



The privacy commissioner is conducting an investigation into the data breach. An internal review by KPMG was commissioned by the department and has been completed.



Although the department had previously indicated the report would be made public, the immigration minister, Scott Morrison, has not responded to questions about when it will be released.

