Then Immigration Minister Scott Morrison called the incident "unacceptable", saying the information was "never intended" to be in the public domain.
Australia's privacy regulator found the report contained embedded personal details that could identify all asylum seekers held in mainland detention and on Christmas Island.
This included information such as names, gender, why they were being detained, and where they were being detained.
Commissioner Angelene Falk said the compensation for economic loss would be paid on a case-by-case basis.
“This matter is the first representative action where we have found compensation for non-economic loss payable to individuals affected by a data breach,” she said.
“It recognises that a loss of privacy or disclosure of personal information may impact individuals and depending on the circumstances, cause loss or damage.”
The data breach included names, dates of birth, citizenship status, location, boat arrival details and the period individuals had spent in immigration detention.
The Information Commissioner investigated the breach after a joint complaint was made by 1,297 affected asylum seekers.
The commissioner said compensation for those who could demonstrate loss or damage as a result of the data breach would range from $500 to more than $20,000.
The regulator has created five categories for loss or damage - to be assessed depending on the severity of the impact.
This will include assessing anxiety, fear, pain, suffering, distress, humiliation or exacerbation of a mental health condition caused by the data breach.
In a statement a spokesperson for the Department of Home Affairs said it: "regrets that the unauthorised publication of personal information occurred."
"The Department has taken a number of actions to improve procedures, quality assurance and training in relation to the publishing process, including strengthened policies and staff awareness," the spokesperson said.
"[It] has been working with the OAIC since 2014 to resolve the complaint and is committed to working towards a final resolution."
'This is an exceptionally vulnerable group'
Law firm Slater and Gordon and the Refugee Advice and Casework Service (RACS) had represented the asylum seekers pro-bono in their complaint to the Information Commissioner.
RACS centre director Sarah Dale said the Department of Home Affairs had breached the fundamental right to privacy for thousands of people seeking asylum.
"It’s really welcome to see that the Australian government has been held accountable for this really grave mistake," she told SBS News.
"[But] no decision or result such as this will alleviate the distress caused to people who have already experienced so much pain."
She added the data breach had placed this "exceptionally vulnerable" group at greater risk by having their personal information shared.
Slater and Gordon senior associate Ebony Birchall said it was the first time in Australian history that compensation has been ordered for a mass privacy breach.
"This is group that feared for their safety so their privacy is paramount," she told SBS News.
"The decision is a significant public recognition that the Department of Home Affairs breached the fundamental right to privacy."
Greg Barnes from the Australian Lawyers Alliance said it was concerning it had taken seven years for the claim to make its way through the system.
"The compensation here is likely to run into the millions," he told SBS News.
"Some of these people no doubt would have left Australia … [so] it is critical that they are found because justice has to be done."
The detention report was available on the Home Affairs website for approximately eight days, the Information Commissioner said.
Information about the determination will be published in 21 languages to assist participating complainants to ensure they are properly informed.
The compensation process is expected to take one year.