What to do if you’ve been impacted by a data breach
If you are impacted by a data breach, it is important to take immediate action to protect your personal information and prevent further harm. Here are some steps you can take:
Run a credit report
You can run a free credit report for your credit score and history. It will help you determine if any suspicious activity has occurred using your personal information. The Moneysmart website has links to credit reporting agencies and provides more information about how credit reporting works.
Place a credit ban
You can place a 21-day credit ban on your profile, which will prevent credit reporting agencies from disclosing any personal information from your consumer credit profile unless you provide written consent or they are required to by law. This ensures credit application companies are alerted to the potential fraud risk and will reject credit applications. To learn more about how credit bans work, visit the Office of the Australian Information Commissioner website.
Activate multi-factor authentication (MFA) for key accounts
Where possible, you should enable multi-factor authentication for online accounts that you operate. Not all online accounts and services have the option of multi-factor authentication, but you should enable it for accounts that do. For example, arrange to get an additional code sent to your phone by SMS before you can log into your account. The Australian Cyber Security Centre provides a range of guidance on best practice for passwords and password management and the use of multi-factor authentication.
Disable your web browser’s built-in password manager and delete all saved passwords
Many current internet browsers (such as Google Chrome, Microsoft Edge and Mozilla Firefox) can save the log-in credentials and passwords you use, so that you do not have to log in each time you want to access an account. We strongly recommend that you do not use this feature. You can erase any saved credentials and disable this feature in the settings or preferences menus of your browser.
Run a virus scan on your devices
We recommend that you undertake a virus or malware scan of the computer you use at home or in the office as a priority. If you have installed commercially available internet security software (such as Norton, McAfee or Trend Micro) on your computer, we recommend you update the virus definitions for the software and conduct a scan for viruses in your computer’s operating system. If your computer uses Microsoft Windows 10 or later, but you have not installed internet security software, you can use the inbuilt Microsoft Defender security software to conduct a virus scan of your computer. However, we recommend you first check that Defender is activated and that you run an update of the virus definitions before you conduct a scan of your computer. For further guidance on how to use and/or update anti-virus software on your device, the Australian Cyber Security Centre provides a useful guide.
Update your device operating systems
In addition to undertaking a virus scan, we recommend that you update your computer’s operating system and ensure that all applications and software on your computer are up to date.
For further guidance on how to update your computer’s operating system, we recommend you refer to guidance published by the Australian Cyber Security Centre.
Strengthen passwords for your online accounts
Once you have scanned all your devices for viruses, we recommend that you change the passwords for your online accounts. We recommend that you do not reuse passwords and use unique passwords (or passphrases) for each online account.
ID Support recommends prioritising the following online accounts for password resets/changes:
- Government accounts you operate, including your MyServiceNSW account or accounts with other NSW government or Australian government agencies
- Email accounts, including Microsoft Office and web-based services such as Gmail and Hotmail
- Your Microsoft Office 365 account (if you use it)
- Online bank accounts
- Accounts with telephone companies, internet service providers or utility (gas, water) companies, which you access online
- Online shopping accounts that you use regularly, particularly accounts where you have linked your credit card or have provided detailed personal information such as date of birth, address and contact details
Be cautious of phishing scams
Scammers may try to take advantage of a data breach to trick you into revealing additional personal information. Be cautious of any unsolicited emails or phone calls and avoid clicking on links or downloading attachments from unknown sources.
Check your account details
It is possible that people may have used your personal information to access accounts that you operate and change information in them. This could include NSW Government issued accounts, including your MyServiceNSW account. We recommend that you check that the vital information in your accounts, including your current contact details, is correct and has not been changed.
For email accounts, we also recommend that you check your account settings to ensure that there are no changes to your account profile or settings, including login access restrictions, account sync settings and on-forwarding rules, or the recovery details for your email account.
If you notice any unexpected changes in any accounts operated by you, we recommend that you contact the relevant business or service provider to discuss additional security controls or alerts that they may be able to place on your account.
Remember, the key to protecting yourself is to act quickly and stay vigilant. Stay informed about the latest data breaches and take steps to safeguard your personal information.