You’ve just found out your data was involved in a breach. Maybe it was Optus, Medibank, Latitude, or one of the hundreds of other breaches affecting Australians. What do you actually do now?
This guide covers the exact steps โ in priority order โ for Australians dealing with a data breach.
Step 1: Find Out Exactly What Was Exposed (First 30 Minutes)
Before you do anything else, know what you’re dealing with. Different types of data require different responses.
Check your email address against all known breaches: Free breach check โ
The notification from the company (if you received one) should also specify what categories of data were stolen. Look for:
- Passwords โ change immediately everywhere you used that password
- Financial data / credit cards โ contact your bank today
- Government IDs (licence, passport, Medicare) โ place a credit ban
- Medical data โ alert your health insurer and Medicare
- Email + name + phone โ watch for phishing and scams
Step 2: Secure Your Accounts (First Few Hours)
Change compromised passwords
If your password was exposed, change it on every service where you used that password. Do not reuse passwords โ use a password manager (1Password, Bitwarden, or Apple Keychain) to generate unique passwords for every account.
Enable two-factor authentication
Turn on 2FA on every important account โ especially email, banking, and social media. Use an authenticator app (Google Authenticator, Authy) rather than SMS where possible.
Check for unauthorised access
Log into affected services and check your login history. Most platforms (Google, Facebook, Apple ID) show recent logins with location and device. Revoke any sessions you don’t recognise.
Step 3: Protect Your Identity (Within 48 Hours)
If government IDs were exposed
Place a credit ban immediately. Contact all three bureaus:
- Equifax: 13 83 32
- Experian: 1300 783 684
- illion: 1300 734 806
A credit ban is free and prevents anyone opening new credit in your name.
Consider renewing your driver’s licence โ this invalidates the stolen number. Contact your state transport authority.
If financial data was exposed
Call your bank and flag your account for potential fraud. Request a new card number if your card details were included. Monitor your statements daily for the next 30 days.
If Medicare details were exposed
Contact Services Australia on 132 011 and your private health insurer. Request a new Medicare card number.
Step 4: Monitor for Misuse (Ongoing)
- Credit report: Get a free annual credit report from each bureau and check for enquiries or accounts you don’t recognise
- Bank alerts: Set up transaction notifications for all your accounts
- Email alerts: Sign up for future breach notifications at dataguardau.com/breach-check
- Scam awareness: Be extremely wary of calls, texts, or emails that reference your personal details โ scammers buy breach data specifically for targeted attacks
Step 5: Your Legal Rights as an Australian
Right to know
Under the Notifiable Data Breaches scheme, organisations must notify you and the OAIC if a breach is likely to cause serious harm. You have the right to know what data was taken.
Right to request deletion
Under APP 11 of the Privacy Act, you can request that an organisation delete your personal information if they no longer need it. Write to their Privacy Officer citing the Privacy Act 1988.
Right to complain
If you believe an organisation mishandled your data, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or call 1300 363 992.
Compensation
Class action lawsuits have been filed against both Optus and Medibank following their respective breaches. If you were significantly affected, you may be eligible to join. Monitor announcements from law firms like Slater and Gordon and Maurice Blackburn.
Australian Support Resources
- IDCARE โ 1800 595 160 โ Free identity and cyber support
- ACSC โ 1300 CYBER1 โ Australian Cyber Security Centre
- OAIC โ 1300 363 992 โ Privacy complaints
- Scamwatch โ scamwatch.gov.au โ Report scams
Want Professional Help?
A DataGuard personal audit covers your full digital exposure, gives you a prioritised action plan, and tells you exactly what’s circulating about you online. Get a Personal Audit for $99 โ