Precedent Communications was operating at a substantial loss in the years leading up to the website developer being blamed for the biggest data breach in Australian history.
The company fell into liquidation in December last year, 13 months after it was revealed that the personal records of 550,000 donors to the Red Cross Blood Service were exposed online. Precedent had been engaged to redesign and maintain the Red Cross' core website in 2015.
The breach exposed names, gender, physical and email addresses, phone numbers, dates of birth, and countries of birth when an anonymous individual came across a 1.74GB file containing 1.28 million records while scanning IP address ranges for publicly exposed web servers containing .sql files.
It also included donors' sensitive medical information such as blood type and instances of high-risk sexual behaviour.
Human error by one of Precedent's technical staff left the Red Cross database backup exposed online for almost two months.
Precedent's liquidator, PPB Advisory, has since released an early statutory report into the company's affairs, which reveals how it became insolvent.
According to the report, Precedent was operating at a loss until FY17, and had been funded by its parent company in the UK. However, the company made a significant profit in FY17, which ended 31 March 2017, five months after the breach was disclosed.
Things went downhill after that, with the company racking up a net loss of $644,000 in the eight months leading to its liquidation. PPB Advisory plans to investigate the reason for the large fluctuation in profits, and how the FY18 losses were funded, though they appear to be partly funded by the parent company.
Precedent's UK parent company was also placed in external administration in December last year, and determined that it could no longer fund the Australian business' losses. The parent company is also Precedent Australia's largest creditor, with the administrators lodging a $2.3 million proof of debt.
PPB Advisory partner Melissa Humann told CRN at the time of liquidation that Precedent had considerable operating costs, and had spent a lot of time and money attempting to rectify the Red Cross breach after it went public.
The report also revealed that Red Cross was in the process of lodging a claim against Precedent's professional indemnity insurer when the company went under.
The administrators have put aside a contingency amount for legal fees if action from Red Cross occurs. The Office of the Australian Information Commissioner launched an investigation into Precedent in relation to the breach, which agreed to a forcible undertaking.
Employee claims total $513,000, though the administrators noted that most of Precedent's 22 employees had already received payments under the government's Fair Entitlement Guarantee.
The administrators anticipate being able to pay back the entirety of employees' superannuation, allowances and annual leave claims by April, and 27-30 cents in the dollar for retrenchment claims by June.
Precedent also owes $35,000 to the ATO.
Precedent had two offices in Melbourne and Perth, as well as operations in Singapore.