What is a data breach?
A data breach occurs when sensitive or personal information is accessed, disclosed or exposed to unauthorised people. This may be by accident, or the result of a security breach. For example, when an email with personal information is sent to the wrong person, or a computer system is hacked and personal information is stolen.
Organisations collect and store many personal details. You trust them with details such as your address, phone number, identification documents, credit card number, health records and more.
If your information is involved in a data breach, the potential consequences can be far reaching. Depending on the information involved, a data breach may lead to the compromise of your online accounts, including banking. The information could also be used in targeted scams and to steal your identity.
The Notifiable Data Breaches scheme
In Australia, the Notifiable Data Breaches scheme means many organisations must tell you if your personal data has been involved in a data breach and this has put you at risk of serious harm. This could include serious physical, psychological, emotional, financial or reputational harm.
When an organisation notifies you about a data breach, they must also provide recommendations for how you can protect yourself.
The scheme applies to Australian government agencies, businesses and not-for-profit organisations with an annual turnover of more than $3 million, credit reporting bodies and health service providers, among others.
Can I prevent a data breach?
There is always a risk of a data breach, as the information you provide to organisations is stored on many different systems. There are actions you can take to minimise the likelihood and impact that a data breach can have on you.
Prepare for the likelihood of a data breach
- Minimise the amount of personal information shared with an organisation. Only tell organisations the information that they need to provide services, rather than everything they ask for. For example, if asked for a home address consider if the organisation really requires this information, especially if it is not mandatory.
- Look for organisations that have a commitment to cybersecurity. Think twice about organisations with a poor cybersecurity reputation.
Minimise the impact of a data breach
- Avoid re-using passwords. A data breach may occur and compromise your password. If you have reused this password across other online accounts, they also may be at risk. By using a unique password across each of your online accounts, in the event one of your passwords is compromised in a data breach, this password can’t be used to access your other accounts. Use a strong password, such as a passphrase. Consider also using a password manager to create and manage different passwords. For more information, see our advice on passphrases.
- Use multi-factor authentication (MFA) across your accounts. In the case a data breach compromises your password, it cannot be used to access your other accounts. For more information, see our advice on MFA.
- Back up important information. A data breach could also result in a loss of access to data and information held by the affected organisation. For more information, see our advice on backups.