Skip to main content

Protect Yourself: Data Security

Learn about the steps you can take to determine if you are at risk and to reduce the impact of a data breach.

What is data security?

Many websites and organisations will ask for personal details. This could include email address, name, postal address, date of birth, phone number, drivers licence, other identifying documents and financial information. Data security is about keeping that information safe.

There are steps you can take to determine if you are at risk and to reduce the impact of a data breach.

Determine if you are at risk

Individuals, small businesses and large organisations and government are all at risk. A data breach can affect anyone who has provided personal data and anyone who has collected and stored it.

Find out if your data has been breached and what data has been affected

You may hear about a data breach directly from an affected organisation, or read about a breach in the media. You might also learn about data breaches through the ACSC's Alert Service.

Visit the Office of the Australian Information Commissioner data breaches page for more information, and to find out what to do if you are told about a data breach.

Details of publicly-known breaches may also be available at Have I Been Pwned. Input your email address or phone number to find out if you’ve been implicated in a known breach. 

Lastly, sometimes organisations may have had data breaches in the past but not become aware of the breach until later on. During this time, your details may be compromised without your knowledge.

Respond to a data breach

Consider contacting the organisation that has been breached to find out what personal or sensitive data has been compromised.

To help determine what data may have been breached and how to respond use the ACSC’s Have you been hacked? tool. Select ‘My information has been lost or stolen’ and follow the prompts. The tool will tell you the steps you should take to secure your finances, accounts, email and identity.

Visit the Office of the Australian Information Commissioner website for more information on the Consumer Data Right system and how to respond to a data breach containing your:

  • contact details
  • financial information
  • government-issued identity documents
  • tax file number and tax-related information, and
  • health information.

Check for unauthorised activity

It’s important to check your account activity. This will help you determine if the person who accessed your account has done anything that requires a response from you. The steps to check your account activity will depend on the nature of the account. The account activity you should check may include:

  • posts in your name
  • private messages in your name
  • product purchases you didn’t authorise
  • automatic transactions that have been set up without your authorisation
  • changes to your financial or banking details, and
  • missing or edited files.

Be aware that the person that accessed your account may have hidden their activity, for example, by permanently deleting messages they sent in your name.

Secure your data

The most common ways to secure your data is to

  1. Change your password or passphrase. It is best practise to change your password or passphrase by logging into your account’s online platform or app directly. Avoid clicking on password or passphrase reset links you receive by email or messages because fake reset links are commonly sent by cybercriminals. The ACSC has published guidance on using password managers and guidance on creating passphrases. If you cannot access your account to change your password or passphrase, check if the account provider has an account recovery option. Note, in some cases, email providers may take a number of days to conduct additional checks before facilitating access to your account. If your password has been compromised, reset all accounts with that password immediately.
  2. Go to your account settings and check that your account recovery details are accurate and up to date. Remove any account recovery options you don’t recognise.
  3. You may be able to manage what devices are logged into the account. If your account has this option, log out of all devices. You can usually find this option on your account security settings page. Changing your password or passphrase should also automatically log out all other devices currently logged into your account.
  4. Limit the amount of personal data you share with other parties, especially on social media. Only tell the organisation what they need to know to provide goods or services. For example, if you are asked for home address consider if the organisation asking for it really needs it. That way, if the organisation is ever affected by a data breach, less of your data is impacted.

Secure your identity

A cybercriminal may have stolen or may be trying to steal your identity.

Visit the IDCARE website and complete the Get Help Form or call 1800 595 160 to access IDCARE’s Identity and Cyber Security Case Managers. IDCARE is Australia and New Zealand’s national identity support service. An IDCARE Identity and Cyber Security Case Manager can work with you to develop a specific response plan for your situation and support you through the process. IDCARE’s Learning Centre is also a key resource to learn how to prepare, prevent, detect and respond to identity and cyber security concerns.

If your identity has been stolen, apply for a Commonwealth Victims' Certificate - a certificate helps support your claim that you have been the victim of identity crime and can be used to help re-establish your credentials with government or financial institutions.

Secure your finances and money

If your personal details have been compromised, your money may be at risk. If you have not already done so, contact your bank or financial institution immediately. Follow their guidance on securing your account and freezing any affected accounts or cards.

If you are not satisfied with the response from your bank, you can seek free advice from the Australian Financial Complaints Authority (AFCA). If you have lost money, do not accept offers from third parties to help you get it back – this is a common tactic used by scammers to steal more money from you.

Watch, record and report

Be sure to confirm any communications from an organisation that suffered a data breach with an official source. Scammers might try to take advantage of data breaches by pretending to represent the breached organisation. For example, you may receive an email asking you to pay money not to release your personal data 

If this occurs, make a record of the key details of the incident, including details of what happened, when it happened, what you think may have led to the incident and the steps you took in response.

Visit ReportCyber to see if the incident should be reported to the ACSC.