In today’s digital age, data breaches have become an unfortunate reality. From large corporations to small businesses and individual users, no one is entirely immune to the threat of having their sensitive information compromised. Whether it’s your personal data, financial details, or login credentials, falling victim to a data breach can be a distressing experience with Australians being a prime target. However, knowing how to respond promptly and effectively can mitigate the potential damage. Here’s some key steps from ACSC (Australian Cyber Security Centre) to reduce your risk of impact from a data breach.
Know how you are affected
If you have received a direct notification of a data breach, it should include the type of information involved and actions to take. For more information on the data breach, contact the affected organisation directly. You can also visit the website of the affected organisation and look for any official communications.
To help determine what data may have been breached and how to respond, use the ASD’s ACSC’s Have you been hacked? tool. Select ‘My information has been lost or stolen’ and follow the prompts. The tool will tell you the steps you should take to secure your finances, accounts, email and identity.
Visit the Office of the Australian Information Commissioner website for more information on the Consumer Data Right system and how to respond to a data breach containing your:
- contact details
- financial information
- government-issued identity documents
- tax file number and tax-related information, and
- health information.
Be aware of scams
Scammers might try to take advantage of you when a data breach occurs. They may pose as an organisation in communications such as email, text, or phone. Be sure to confirm any communications from an organisation with an official source, such as their website.
For example, you may receive an email asking you to reset your password because it was compromised. Do not use the links or contact details provided in the message or email. Visit the official website and log in to your account, or call their phone number.
Secure your accounts
Change your password or passphrase. It is best practise to change your password or passphrase by logging into your account’s online platform or app directly. The ASD’s ACSC has published guidance on using password managers and guidance on creating passphrases.
If your password has been compromised in a data breach, reset all accounts that use that same password as soon as possible. Use a unique password for each online account.
Review your security settings across other accounts. Some online services allow you to view what devices have recently used your login details and any recent transactions. You can usually also log out those devices from these settings.
Secure your identity
In the case that your sensitive personal information was included in a data breach, you may be at risk of identity theft.
Visit the IDCARE website and complete the Get Help Form or call 1800 595 160 to access IDCARE’s Identity and Cyber Security Case Managers. IDCARE is Australia and New Zealand’s national identity support service. An IDCARE Identity and Cyber Security Case Manager can work with you to develop a specific response plan for your situation and support you through the process. IDCARE’s Learning Centre is also a key resource to learn how to prepare, prevent, detect and respond to identity and cyber security concerns.
If your identity has been stolen, apply for a Commonwealth Victims’ Certificate – a certificate helps support your claim that you have been the victim of identity crime and can be used to help re-establish your credentials with government or financial institutions.
If your driver’s licence details have been compromised, you may be eligible for a replacement. Contact your local state or territory authority for more information.
Contact the ATO if someone has stolen your personal or business identity. You must report all tax-related security issues to the ATO.
Secure your finances and money
If your personal details have been compromised, your money may be at risk. If you have not already done so, contact your bank or financial institution immediately. Follow their guidance on securing your account and freezing any affected accounts or cards.
If you are not satisfied with the response from your bank, you can seek free advice from the Australian Financial Complaints Authority (AFCA). If you have lost money, do not accept offers from third parties to help you get it back – this is a common tactic used by scammers to steal more money from you.
Check and monitor for unauthorised activity
Even with your accounts, identity and finances now secure, continue to check and monitor for unauthorised activity. This will help determine if your data has been used to do anything that requires a response from you.
You can monitor for online activity such as:
- social media posts in your name
- private messages, texts, or emails in your name
- purchases that you didn’t authorise
- automatic transactions that have been set up without your authorisation, and
- changes to your financial or banking details.
Be aware that if a person accesses your account, they may be able to hide their activity, for example, by permanently deleting messages they sent in your name.
Data breaches are often followed by phishing attempts, where scammers try to trick you into revealing even more personal information. Be cautious of unsolicited emails, texts, or phone calls, especially if they ask for sensitive information or prompt you to click on suspicious links.
Remember, being proactive and taking swift action can help minimize the impact of a data breach on your personal and financial well-being. By following these steps and staying vigilant, you can navigate through the aftermath of a breach with greater confidence and security.
ACSC also advises to report cybercrimes, security incidents and abuse through ReportCyber. Your report helps to disrupt crime operations and makes Australia more secure.