Data for up to 111,813 Australian users may have been accessed as a result of the September 2018 incident.