What is a data breach?
A data breach is when data is inadvertently shared with or maliciously accessed by an unauthorised person or third party. This can be by accident or because of a security breach.
Who is at risk of a data breach?
Individuals, small businesses, large organisations and government are all at risk. A breach can affect anyone who has provided personal information and anyone who has collected and stored it.
How can I keep my data secure?
- Limit the amount of personal information you share online, especially on social media. Only tell an organisation what it needs to know to provide goods or services. For example, if you are asked for a home address, consider whether the organisation asking for it really needs it. That way, if the organisation is ever affected by a data breach, less of your data is impacted.
- Look for organisations that have a commitment to cyber security. Don’t use platforms that have a bad cyber security reputation or that you are unsure about.
- Avoid reusing passwords for online accounts. If you reuse passwords and any of your accounts are compromised, all of your accounts could be at risk. A password manager can help generate or store different passwords for you.
- Don’t create online accounts unnecessarily. If less secure platforms are breached, your log-in credentials and other details may become available on the dark web.
- Securing your devices and accounts can reduce the impact of having your data leaked or stolen. The ACSC’s guide Protect Yourself: Data Security is a great place to start.
How will I know if my data has been breached?
You may hear about a data breach directly from an affected organisation, or read about a breach in the media. You might also learn about data breaches through the ACSC's Alert Service.
Visit the Office of the Australian Information Commissioner data breaches page for more information, and to find out what to do if you are told about a data breach.
Details of publicly known breaches may also be available at Have I Been Pwned. Input your email address or phone number to find out if your details appear in a known breach.
What do I do if my data has been breached?
- Know how you are affected. If you are informed of a breach, or read about one in the media, make sure you understand what data may be affected. Consider contacting the organisation that has been breached to find out what personal or sensitive data has been compromised.
- Follow the steps in the ACSC tool ‘Have you been hacked?’ to find out what you can do if your information has been breached. Select ‘My information has been lost or stolen’ and follow the prompts. The tool will help you secure your finances, accounts, email and identity.
- If your password has been compromised, immediately reset the password on every account that uses it.
- Be sure to confirm any communications from an organisation with an official source. Scammers might try to take advantage of you because of a data breach. For example, you may receive an email asking you to reset your password because it was compromised. Go to the official website to do this instead of using any links provided in the email.
- Review your account security settings. Some online services allow you to view what devices have recently used your login details and any recent transactions. You can usually also log out those devices from these settings.
- Refer to the Office of the Australian Information Commissioner website for more information on how to respond to a data breach containing your contact details, financial information, government-issued identity documents, tax file number and tax-related information, and health information.
- Visit the IDCARE website and complete the Get Help Form. IDCARE is Australia and New Zealand’s national identity support service. An IDCARE Identity and Cyber Security Case Manager can work with you to develop a specific response plan for your situation and support you through the process.