With over 100 major data breaches affecting Australian companies in the past five years alone, there is a reasonable chance your email address has appeared in at least one. Here is how to check — and what to do about it.
Step 1: Run a breach check
The fastest way to check if your email has been exposed is to use a breach check tool. DataGuard AU’s free breach check searches your email against all known data breaches and shows you your risk score, which breaches you appeared in, and what data was exposed in each.
It takes about 10 seconds and requires no account or sign-up.
Step 2: Understand what was exposed
Not all breaches are equal. A breach that exposed only your email address is much less serious than one that exposed your password, date of birth, or home address. Our breach check tells you exactly what data was included in each breach so you can prioritise your response.
Step 3: Take action based on the results
Depending on what was exposed:
- Password exposed: Change it immediately on that site and anywhere you reused it. Use a password manager.
- Email only: Be extra vigilant about phishing emails. Your address is now on spam lists.
- Name + address: Watch for identity theft attempts. Consider a credit monitoring service.
- Government ID (passport, licence): Contact the relevant government agency and consider a credit ban.
The major Australian breaches to know about
If you were a customer of any of the following, your data has almost certainly been exposed: Optus (2022), Medibank (2022), MediSecure (2024), Latitude Financial (2023), FlexiGroup (2021), Melbourne Heart Group (2019).
How do I stop it happening again?
You cannot control whether companies protect your data — but you can minimise damage:
- Use a unique, strong password for every account (password manager helps)
- Enable two-factor authentication everywhere
- Use a unique email alias for less-trusted sites
- Check your breach exposure regularly — at minimum twice per year