Go to top of page

What to do if your data is breached

13 May 2019

A lot of the information we provide online is necessary for us to sign up for accounts, goods or services, and while many organisations take measures to protect your information, data breaches can still occur.


A data breach happens when your personal information is accessed or released without your permission, or is lost. Your breached information could be used to access your accounts, for identity theft, or to impersonate or blackmail you, causing emotional distress and financial loss.

If you’re notified by an organisation that your personal information has been breached, it’s important to act quickly to reduce the impact on you. These notifications will let you know what personal information has been affected and what steps you can take.

If your data is breached, some steps you can take straight away are:

  1. Change your passwords. Remember to use strong passwords that are different across each of your online accounts. 
  2. If available, turn on two-factor authentication as additional security to your passwords.
  3. If your bank account has been affected, change your banking PIN number and monitor your bank transactions. If you spot any suspicious transactions, immediately report these to your bank.
  4. Stay vigilant to scams. If your contact details were breached, a scam email might be personalised and address you by name.
  5. Don’t share your personal information until you are certain who you are sharing it with. If you’re not sure, call the agency or organisation back using publicly available contact details (such as from their website or a phone book).
  6. If you have further questions about a data breach notification, contact the organisation that sent you the notification.

This week is national Privacy Awareness Week, an annual initiative of the Office of the Australian Information Commissioner (OAIC) that raises awareness of privacy issues and the importance of protecting personal information. In support of the week, Stay Smart Online will be shining the light on your privacy priorities. Stay tuned for more privacy tips on our Facebook page.

More information

OAIC introduced the Notifiable Data Breaches scheme in February 2018. The Notifiable Data Breaches scheme means many organisations must tell you if your personal data has been involved in a data breach, and this has put you at risk of serious harm.

Find out more about what to do following a data breach.