Skip to main content

Data breach

Sometimes personal information can be disclosed to unauthorised people. Learn what to do when your data is lost or disclosed.

Icon of a question mark inside a speech bubble

What is a data breach or spill? 

A data breach is when personal information is shared with or accessed by an unauthorised person. This can be by accident or because of a security breach. It is also referred to as a 'data spill'. 

Who is at risk of a data breach? 

Individuals, small businesses and large organisations and government are all at risk. A breach can affect anyone who has provided personal information and anyone who has collected and stored it. 

How do I avoid being part of a data breach? 

  1. Limit the amount of personal information you share online, especially on social media. Only tell the organisation what they need to know to provide a good or service. 
  2. Look for organisations that have a commitment to cyber security. Don’t use platforms that have a bad cyber security reputation or that you are unsure about.  
  3. Avoid re-using passwords so that if one is compromised, your other accounts are not at risk.  
  4. Don’t create online accounts unnecessarily. If less secure platforms are breached your log-in credentials and other details may become available on the dark web. 
Icon of an exclamation mark inside a speech bubble

How will I know if my data has been breached? 

The Notifiable Data Breaches scheme requires organisations to report data breaches if they meet certain requirements. Visit the Office of the Australian Information Commissioner Notifiable data breaches page for more information, and to find out what organisations have reported a breach. 
In cases where they are not required to report to the Office of the Australian Information Commissioner, details of publicly-known breaches may be available at Have I Been Pwned. Input your email address or phone number to find out if you’ve been implicated in a known breach. 
Lastly, sometimes organisations may have had data breaches in the past but not become aware until later. During this time, your details may be compromised without your knowledge. Follow the above steps to mitigate the impact of this from occurring.

Icon of a clipboard with text on it

What do I do if my data has been breached? 

  1. If your password has been compromised, reset all accounts with that password immediately.  
  2. Know how you are affected. If you are informed of a breach, or read about one in the media, make sure you understand what data may be affected. Check your details on Have I Been Pwned and visit the official website of the affected organisation. 
  3. Be sure to confirm any communications from an organisation with an official source. Scammers might try to take advantage of you because of a data breach. For example, you may receive an email asking you to reset your password because it was compromised. Go to the official website to do this instead of using any links provided in the email. 
  4. Review your account security settings. Some online services allow you to view what devices have recently used your login details and any recent transactions. You can usually also log out those devices from these settings.  
  5. Refer to the Office of the Australian Information Commission Respond to a data breach page for more steps you can take.
  6. Contact IDCare on 1800 595 160 or use their free Cyber First Aid Kit for more steps you can take.

2 minute quiz

Think you know what to do if you’re affected by a data breach?

Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it