Cyber attacks are becoming more frequent and are affecting not only businesses, but also everyday Victorians.
If your information has been involved in a cyber incident, there are some actions you can take to protect yourself now and in the future.
The information below contains both general and specific advice on the actions and activities you may need to take, depending on the type of cyber incident that has occurred.
Steps to take
Take these steps to recover from a data breach and protect yourself online.
You may be directly notified by a business or organisation that has been affected by a cyber-attack, or potentially through the media. For more information on the data breach, contact the affected organisation directly. You can also visit the website of the affected organisation and look for any official communication.
The organisation may give you details about what information has been affected as it relates to you. They may also let you know what you need to do to recover from this and protect yourself from future incidents.
If you’re unsure whether your information has been previously involved in a cyber breach, you can check on the site, Have I Been Pwned.
Having your information stolen through a cyber attack can increase your likelihood of being targeted by scammers. While your information may be used to commit a variety of scams, scammers may pose as trusted organisations offering to help in your recovery following a data breach.
Remember that scammers:
- attempt to gain trust by claiming to be from a known business or impersonating a known contact
- may initiate contact via multiple channels including phone calls, text messages and email
- will suggest their own verification procedures, like going to websites they have created or calling numbers they provide to you
- will attempt to gain control of your device by suggesting you download software
- know how to trigger emotional responses to cloud your judgement
- create a sense of urgency to get you to make decisions without thinking.
Ways to protect yourself from a scam include the following:
- If you suspect a call might be a scam, take the caller’s details, hang up and contact the organisation they claim to represent via official channels (e.g. their website).
- Do not call a number given to you by an unexpected caller who claims to represent an organisation. Always refer to the organisation’s official website.
- Confirm any communication through official channels listed on their website.
- Do not click on links received in an unexpected text message or email.
What to do if you've been scammed:
- Contact your bank or card provider immediately to report the scam. Ask them to stop any transactions.
- If you're not happy with how your bank has responded to your situation, you can complain to the Australian Financial Complaints Authority.
- Report any suspected scam activity to Scamwatch.
- Watch out for follow up scams. If scammers have been successful, they may try to get more money.
Head to Scamwatch for further information on how to protect yourself from scams.
If your password has been compromised in a cyber incident, reset all accounts that use that same password as soon as possible. Use a unique password for each online account.
Update your passwords to a passphrase
Update all your passwords to strong passphrases for your bank, email, social media, and personal accounts.
A passphrase is a password made up of random words. You can create a strong passphrase by making it:
- long – made up of at least four random words or 14 characters in total
- unpredictable – select four or more unrelated words
- unique – make passphrases different for each account.
Store your passwords or passphrases safely
Use a password manager to securely store your passwords and have one master password to remember.
The Australian Cyber Security Centre (ACSC) has published guidance on their website about using password managers and creating passphrases.
Set up multi-factor authentication
Multi-factor authentication is an account login process that requires you to take multiple steps to prove who you are.
Examples of these are:
- entering a password and then a code, usually sent to your email or mobile
- verifying your identity using biometrics, such as a fingerprint or facial recognition.
Different services will offer different ways for you to prove your identity. You can check with services like your bank, email, and social media accounts for instructions on how to set up multi-factor authentication. The Australian Cyber Security Centre has also created a guide to show how to turn on multi-factor authentication for most major services.
If you have received a notification that your information has been involved in a cyber incident, the following section has some general advice to replace or secure your government-issued identity documents.
Medicare card number
It’s important to know that your Medicare card number alone cannot be used to access your Medicare details or your Medicare account.
If you’ve been notified that your Medicare card number has been exposed in a data breach, you can get a free replacement Medicare card using either:
- your Medicare online account through myGov
- the Express Plus Medicare mobile app
If you are concerned about the security of your Medicare, Centrelink and myGov accounts, you can contact the Scams and Identity Theft Helpdesk on 1800 941 126 (available 8am to 5pm AEDT Monday to Friday).
Centrelink Customer Reference Number
If your concession card has been exposed by a data breach, you don’t need to get a replacement card. Your Centrelink customer reference number alone cannot be used as a proof of identity.
If you’re concerned about your Centrelink Reference Number being exposed, you can ask Services Australia to put additional authentication measures in place to protect your Centrelink information.
If you are concerned about the security of your Medicare, Centrelink and myGov accounts, you can contact the Scams and Identity Theft Helpdesk on 1800 941 126 (available 8am to 5pm AEDT Monday to Friday).
Tax file number
Information about lost or stolen tax file numbers is available on the Australian Taxation Office website.
Contact the Australian Taxation Office's Client Identity Support Centre on 1800 467 033 from 8am to 6pm, Monday to Friday if you have any concerns.
Driver licence
If your Victorian driver licence details have been stolen as part of a cyber incident, you can apply for a replacement licence by calling VicRoads on 13 11 71. Further information can be found on the VicRoads website.
Contact your bank and let them know you are involved in a cyber incident, especially if any of your bank or other financial details have been affected.
Ask your bank to put extra safeguards on your accounts, and ask whether there are any charges for this service or impacts on accessing your accounts via usual methods.
If you have lost money, do not accept offers from third parties to help you get it back. This is a common way scammers try to steal more money from you.
Access a credit report, which is a statement that has information on your credit score. This is based on your credit activity, loan paying history and state of your credit accounts.
You may be able to access a credit report directly through your bank. Alternatively, you can apply for a credit report and credit report ban from each of the following trusted consumer credit reporting agencies:
Be aware of the ways your identity, accounts or finances may have been affected following a cyber incident.
Identity theft
Warning signs of identity theft can include the following:
- Your bank statements show spending, deposits, or withdrawals you have not made.
- You stop receiving your regular mail such as bank statements or utility bills, or you unexpectedly stop receiving mail altogether.
- You receive bills or receipts for things you haven’t bought or statements for loans or credit cards you haven’t applied for.
- You start receiving a government benefit that you haven’t applied for.
- You have been refused credit because of a poor credit history due to debts you have not incurred.
- You are contacted by debt collectors.
Account compromise
Indicators someone may have accessed your email account include the following:
- You cannot access your email as the password is incorrect.
- There are strange emails in your sent folder.
- You receive unexpected password reset notifications.
- You notice sign-ins from unusual locations, IP addresses, devices, and/or browsers.
Contact IDCARE for advice and support
IDCARE is Australia’s independent national identity and cyber support community service. They provide practical advice to people who have concerns about their digital identity or related cyber security incidents.
They also provide tailored and specific advice to people who have been affected by a cyber incident. IDCARE’s specialist case managers can work with individuals to develop a specific response plan for their situation and support them through the process.
All victims of cyber-crime can access IDCARE services. Some organisations who have been affected by a cyber incident might include details about IDCARE support in their communication with you about your data being involved. However, if this is not available or you are a victim of a cyber-related crime, you can lodge a report with the Australian Cyber Security Centre. You can then use the reference number (begins with CIR XXXXX) generated by your report to access IDCARE services.
To find out whether the organisation involved in a data breach has IDCARE support, visit the IDCARE website.
Police
If you are in danger or need immediate police attendance, call Triple Zero (000).
If you need non-urgent police assistance, contact the Police Assistance line on 131 444 or attend your local police station.
Other services
If you need someone to talk to, reach out to family and friends, or you can contact Lifeline, Beyond Blue or the Kids Helpline to speak to someone online or over the phone.
The contact details are:
- Beyond Blue – call 1300 22 4636 or use the online chat
- Lifeline – call 13 11 14 or use the online crisis support chat
- Kids Helpline – call 1800 55 1800 or use webchat counselling
All three services are available 24 hours a day, 7 days a week.
Additional resources
Report cybercrime securely to the Australian Cyber Security Centre at ReportCyber.
The Australian Cyber Security Centre has information on the latest online threats and how to respond.
Scamwatch has information on how to recognise, avoid and report scams.
MoneySmart has information about financial, investment and insurance scams.
The Office of the eSafety Commissioner has advice on staying safe online.