Data Breach Response Guide for Australians: What to Do in the First 24 Hours

Complete 24-hour action plan for responding to data breaches in Australia. Step-by-step guide for Medibank, Optus, and other breaches affecting Australians.

1,113 data breaches were reported to the OAIC in 2024. That's 3 breaches every single day in Australia.

If a company loses your data—and statistically, it's a matter of when, not if—you need to act fast. The first 24 hours determine whether you're a victim of identity theft or just another statistic who took the right precautions.

This guide gives you a hour-by-hour action plan for responding to any Australian data breach, whether it's your:

Health insurer (Medibank, Bupa)
Telco (Optus, Telstra)
Retailer (Catch, Kmart)
Government service (Services Australia, ATO)
Bank or financial institution

Let's make sure you're protected.

Understanding Data Breaches
First 24 Hours: Immediate Actions
Week 1: Securing Your Accounts
Month 1-3: Ongoing Monitoring
Long-Term Protection
Breach-Specific Guides
Your Legal Rights

Understanding Data Breaches

What Is a Data Breach?

A data breach occurs when unauthorized people access personal information held by a company or organization. This can include:

Personal Information:

Name, address, date of birth
Email, phone number
Driver's license, passport number
Medicare number, health fund details

Financial Information:

Credit card numbers
Bank account details
Tax File Number (TFN)
Superannuation details

Sensitive Information:

Medical records
Health claims
Mental health treatment
Criminal history

How Breaches Happen

Common causes:

Cyberattacks (hackers breach company systems)
Ransomware (hackers lock systems and demand payment)
Human error (employee sends data to wrong person)
Lost/stolen devices (laptop with unencrypted data)
Phishing (employee tricked into giving access)

Why You Need to Act Fast

Criminals use stolen data to:

Open bank accounts in your name
Apply for credit cards and loans
File fake tax returns to steal refunds
Claim Medicare/Centrelink benefits
Sell your identity on the dark web
Target you with personalized scams

The faster you act, the harder it is for criminals to profit from your data.

First 24 Hours: Immediate Actions

Hour 0-1: Confirm the Breach

Step 1: Verify it's a legitimate breach notice

Scammers send fake breach notifications to steal more data.

✅ How to verify:

Go directly to the company's official website (don't click email links)
Check their homepage or newsroom for breach announcements
Search "[company name] data breach" on news.com.au or ABC News
Check the OAIC notifiable data breaches report

✗ Red flags for fake breach notices:

Email asks you to click a link to "secure your account"
Requests your password or credit card to "verify identity"
Threatens immediate consequences if you don't act now
Email address doesn't match company domain

Step 2: Determine what data was compromised

Companies are required to tell you:

What type of data was accessed (names, addresses, Medicare numbers, etc.)
How many people were affected
What steps they're taking

Read the breach notice carefully. The severity of your response depends on what was stolen.

| Data Type | Risk Level | Action Priority | |-----------|------------|-----------------| | Name + email only | Low | Monitor for phishing | | Name + phone | Low-Medium | Watch for scam calls | | Date of birth + address | Medium | Monitor credit file | | Driver's license number | High | Consider ID freeze | | Passport number | High | Monitor passport status | | Medicare number | High | Check Medicare claims | | TFN | Critical | Freeze credit immediately | | Bank account/card details | Critical | Cancel cards now |

Hour 1-3: Secure Your Financial Accounts

Step 3: Change passwords for affected services

If the breached company stores your password:

Change your password for that service immediately
If you reused that password elsewhere, change those too
Use a unique password (use a password manager like Bitwarden or 1Password)

How to create strong passwords:

16+ characters minimum
Use a password manager to generate random passwords
Never reuse passwords across sites
Enable two-factor authentication (2FA)

Step 4: Enable two-factor authentication (2FA)

Add 2FA to these accounts immediately:

myGov (Settings → Security → Manage two-step verification)
Banking apps (check your bank's security settings)
Email accounts (Gmail, Outlook, etc.)
Any account with financial/personal information

2FA options (in order of security):

✅ Authenticator app (Microsoft Authenticator, Google Authenticator)
✅ Security key (YubiKey)
⚠️ SMS (better than nothing, but can be intercepted)

Step 5: Check your bank accounts

Look for:

Unauthorized transactions
New payees added
Changes to contact details
Direct debits you didn't authorize

If you find anything suspicious:

Call your bank immediately (number on your card)
Dispute the transaction
Request new cards
Change your online banking password

Hour 3-6: Protect Your Identity

Step 6: Place a ban on your credit file

What is a credit ban? A ban prevents anyone (including you) from accessing your credit file. This stops criminals from:

Applying for credit cards in your name
Taking out loans using your identity
Opening utility accounts

How to place a ban: You need to contact all three credit reporting agencies:

Equifax:

Call: 138 332
Online: equifax.com.au
Service: Free credit ban

Experian:

Call: 1300 783 684
Online: experian.com.au
Service: Free credit ban

illion (formerly Dun & Bradstreet):

Call: 1300 734 806
Online: illion.com.au
Service: Free credit ban

How long should the ban last?

Minimum: 21 days (default free period)
Recommended: 12 months if sensitive data was stolen (TFN, passport, license)

Important: You'll need to remove the ban temporarily if you want to apply for credit yourself.

Step 7: Get your free credit report

Check for:

Credit applications you didn't make
Accounts you didn't open
Inquiries from companies you don't recognize
Incorrect personal information

How to get your free report:

Equifax: Free report every 3 months
Experian: Free report every 3 months
illion: Free report every 3 months

Set a reminder to check again in 30 days, 60 days, and 90 days.

Hour 6-12: Secure Government Accounts

Step 8: Lock down your myGov account

Critical if the breach included:

Name + date of birth
Medicare number
Centrelink details
TFN

Actions:

Log in to my.gov.au
Change your password (Settings → Account security)
Enable two-step verification
Review linked services (make sure no unauthorized links)
Check your messages for suspicious activity

Review your linked services:

ATO: Check for unauthorized tax returns
Medicare: Check for unusual claims
Centrelink: Check for benefit changes
Child Support: Check for unauthorized changes

Step 9: Check your Medicare claims

If the breach included Medicare/health data:

Log in to myGov and go to Medicare
Select "Claims" or "View claims history"
Look for:
- Medical services you didn't receive
- Prescriptions you didn't fill
- Providers you've never visited

If you find fraudulent claims:

Call Medicare: 132 011
Report the fraud
Request a review of your claims history

Step 10: Monitor ATO activity

If the breach included TFN or tax information:

Log in to myGov → ATO
Check for:
- Tax returns you didn't lodge
- Refunds you didn't receive (someone may have redirected them)
- Changed bank account details
- New tax agents linked to your account

If you find suspicious activity:

Call the ATO: 13 28 61
Report identity theft
Request a security code for future lodgments

Hour 12-24: Document Everything

Step 11: Keep detailed records

Create a breach response folder (digital or physical) with:

Original breach notification email/letter
Screenshots of your actions (password changes, credit bans, etc.)
Contact logs (who you called, when, what was said)
Credit reports (before and after)
Any suspicious activity you discover
Correspondence with the breached company

Why this matters:

Evidence for insurance claims
Proof for legal action
Reference for future issues
Required for OAIC complaints

Step 12: Register with IDCARE (free support)

IDCARE is a free, government-funded identity theft support service.

They'll help you:

Create a personalized recovery plan
Navigate complex identity theft issues
Liaise with organizations on your behalf
Provide emotional support

Contact IDCARE:

Call: 1800 595 160 (Mon-Fri 8am-5pm AEST)
Online: idcare.org

Service is completely free and confidential.

Week 1: Securing Your Accounts

Days 2-7: Comprehensive Account Review

Step 13: Review all online accounts

Check these accounts for suspicious activity:

Financial:

Bank accounts (all of them)
Credit cards
PayPal, AfterPay, Zip
Superannuation (check for unauthorized withdrawals or rollovers)
Cryptocurrency exchanges
Share trading accounts

Shopping/Utilities:

Amazon, eBay, catch.com.au
Electricity, gas, water accounts
Telco accounts (check for SIM swaps or new services)

Government:

myGov (all linked services)
State government services (licensing, rego)
Council rates

What to look for:

Unauthorized transactions
Changed contact details (email, phone, address)
New linked accounts or devices
Password reset attempts
Login attempts from unfamiliar locations

Step 14: Secure your email

Your email is the master key to your identity.

If a hacker has access to your email:

They can reset passwords for all your accounts
Read your private correspondence
Impersonate you
Access financial statements

Email security checklist:

[ ] Change password (16+ characters, unique)
[ ] Enable 2FA (authenticator app, not SMS)
[ ] Review "connected apps" and remove suspicious ones
[ ] Check email forwarding rules (Settings → Forwarding)
[ ] Review recovery email/phone number
[ ] Check for unfamiliar devices in "Recent activity"

For Gmail:

Go to myaccount.google.com/security
Review "Your devices" and remove unfamiliar ones
Check "Third-party apps with account access"

For Outlook/Microsoft:

Go to account.microsoft.com/security
Review "Sign-in activity"
Check "Apps and services"

Step 15: Check for SIM swap fraud

What is SIM swapping? Criminals use your stolen data to convince your telco to transfer your phone number to their SIM card. Once they have your number:

They can receive your 2FA SMS codes
Access accounts protected by SMS verification
Impersonate you to family/friends

How to check:

Did your phone suddenly lose service?
Are you receiving texts about number transfers?
Can you still make calls?

How to prevent:

Call your telco (Telstra, Optus, Vodafone)
Request a port freeze or PIN on your account
Ask them to note that you've been affected by a data breach

Telco numbers:

Telstra: 13 22 00
Optus: 133 937
Vodafone: 1555

Month 1-3: Ongoing Monitoring

Weeks 2-4: Watch for Delayed Fraud

Identity theft isn't always immediate. Criminals often wait weeks or months before using stolen data to avoid detection.

Step 16: Monitor your credit file monthly

Set calendar reminders to:

Week 4: Check credit report (Equifax)
Week 8: Check credit report (Experian)
Week 12: Check credit report (illion)

Each agency allows one free report every 3 months—rotate between them for monthly coverage.

Step 17: Watch for targeted scams

You'll likely receive more scam attempts after a breach.

Scammers will:

Reference the breach to seem legitimate
Offer "credit monitoring" services (often fake)
Claim to be from the breached company
Use your stolen data to personalize scams

Example post-breach scam:

Email: "Dear [Your Real Name],

Due to the recent Optus breach, we're offering affected
customers 12 months of free credit monitoring.

Click here to activate: [LINK]

[Looks like Optus email, but isn't]

Protection:

Never click links in emails about the breach
Go directly to the company's official website
Legitimate credit monitoring will be announced on their official site
Be extra skeptical of any contact referencing the breach

Step 18: Review unusual mail

Watch for:

Credit cards you didn't apply for
Bills for services you didn't sign up for
Letters from debt collectors for debts that aren't yours
Government correspondence about claims you didn't make
Bank statements for accounts you didn't open

If you receive any:

Contact the sender immediately
Inform them you're a victim of identity theft
Request they close/cancel the fraudulent account
Keep copies of all correspondence

Long-Term Protection (3+ Months)

Step 19: Consider paid credit monitoring

Free options:

Credit Savvy (free credit score monitoring)
ClearScore (free credit score monitoring)

Paid options (if breach was severe):

Equifax Protect ($19.95/month) - includes alerts, dark web monitoring
Experian IdentityWorks ($9.95/month) - credit monitoring + alerts

Worth it if:

TFN was compromised
Passport/license number was stolen
You want 24/7 monitoring instead of manual checks

Step 20: Update your passwords annually

Set a calendar reminder:

Review all important accounts once per year
Change passwords that may have been reused
Remove old/unused accounts
Update 2FA methods

Use a password manager to:

Generate unique passwords for every site
Store them securely
Alert you to reused passwords
Identify accounts from breached companies

Recommended password managers:

1Password (AU$5.49/month)
Bitwarden (free or AU$1.50/month premium)
Dashlane (AU$9.99/month)

Step 21: Freeze documents

If passport number was stolen:

Call DFAT: 131 232
Report your passport as "compromised"
Consider getting a new passport number

If driver's license was stolen:

Check your state licensing authority
Some states allow you to request a new license number
Monitor for traffic fines/demerit points you didn't receive

Breach-Specific Guides

Medibank/AHM Breach (October 2022)

What was stolen:

Names, addresses, dates of birth
Medicare numbers
Health claims data (including mental health, sexual health)
Passport numbers (for some)

Specific actions:

Monitor Medicare claims monthly for 12 months
Watch for targeted scams referencing your health data
Consider Medibank's IDCARE support (free for affected customers)
Check for medical identity theft (fraudulent claims)

Read our detailed guide: Medibank Hack Timeline & Response

Optus Breach (September 2022)

What was stolen:

Names, dates of birth, addresses
Phone numbers, email addresses
Driver's license numbers
Passport numbers (for some customers)

Specific actions:

Free credit monitoring (Equifax, 12 months) - check Optus website for enrollment
Passport replacement offered (for those with passport numbers exposed)
Monitor for SIM swap fraud
Watch for Optus-themed scam calls/texts

Read our detailed guide: Optus Data Breach Timeline

General Healthcare Breach

If your health insurer was breached:

Monitor Medicare claims (medical identity theft)
Watch for insurance fraud (false claims in your name)
Be prepared for targeted scams (blackmail, embarrassment)
Check with your insurer about free support services

General Telco Breach

If your telco was breached:

Request port freeze immediately
Monitor phone bill for unauthorized services
Watch for SIM swap attempts
Check credit file (scammers use telco data for ID verification)

Your Legal Rights in Australia

What Companies Must Do

Under the Privacy Act 1988 and Notifiable Data Breaches scheme, companies must:

Notify you if your data is breached and likely to cause serious harm
Notify the OAIC (Office of the Australian Information Commissioner)
Provide information about:
- What data was compromised
- What they're doing about it
- Steps you should take

What You Can Do

File a complaint with the OAIC

When to complain:

Company didn't notify you promptly
Company mishandled your data
Company isn't helping you resolve issues

How to complain:

Try to resolve with the company first
If unresolved, submit complaint to OAIC
Go to: oaic.gov.au/privacy/privacy-complaints

Join a class action lawsuit

Several breach class actions have succeeded in Australia:

Medibank settlement: Compensation for affected customers
Optus settlement: Ongoing

How to join:

Watch for announcements from law firms
Register your interest (usually free, no-win-no-fee)
Keep your breach response records as evidence

Claim damages

You may be entitled to compensation for:

Time spent responding to the breach
Financial losses from identity theft
Emotional distress (especially for health data breaches)
Credit monitoring costs

How to claim:

Document all time and expenses
Keep receipts for any costs (credit monitoring, new ID documents)
Consult with a lawyer (many offer free consultations)

Checklist: Your 24-Hour Breach Response

Print this checklist and keep it handy:

Hour 0-1

[ ] Verify the breach is legitimate
[ ] Determine what data was compromised
[ ] Read the official breach notice carefully

Hour 1-3

[ ] Change passwords for affected services
[ ] Enable 2FA on critical accounts
[ ] Check bank accounts for unauthorized activity

Hour 3-6

[ ] Place credit ban with Equifax, Experian, and illion
[ ] Request free credit report from one agency
[ ] Review credit report for fraudulent activity

Hour 6-12

[ ] Secure myGov account (password + 2FA)
[ ] Check Medicare claims for fraud
[ ] Monitor ATO for unauthorized activity
[ ] Contact telco about SIM swap protection

Hour 12-24

[ ] Document everything in a breach folder
[ ] Register with IDCARE for support
[ ] Set calendar reminders for ongoing monitoring

Week 1

[ ] Review all online accounts
[ ] Secure email account completely
[ ] Check for SIM swap fraud

Month 1-3

[ ] Check credit report monthly (rotate agencies)
[ ] Watch for targeted post-breach scams
[ ] Monitor unusual mail

Free Resources

Government Support:

IDCARE - Free identity theft support: 1800 595 160
OAIC - Privacy complaints and breach reports
Scamwatch - Scam reporting and alerts

Credit Agencies (Free Reports):

Equifax - 138 332
Experian - 1300 783 684
illion - 1300 734 806

Key Phone Numbers:

Medicare: 132 011
ATO: 13 28 61
Centrelink: 132 850
DFAT (passports): 131 232

Get Our Free Post-Breach Checklist

We've created a printable PDF with this entire action plan condensed into a single-page checklist you can follow step-by-step.

Download Free Breach Response Checklist →

Want Complete Protection?

This guide covers breach response—but what about preventing breaches from affecting you in the first place?

Our Australian Financial Security Toolkit ($149) includes:

Complete MyGov security lockdown guide
Bank app privacy settings (CommBank, NAB, Westpac, ANZ)
Password manager setup walkthrough
Medicare & My Health Record privacy checklist
Digital estate planning guide
Video tutorials for all major platforms

Learn More About the Toolkit →

Conclusion

47% of Australians were affected by data breaches in 2024. If a company loses your data, the first 24 hours are critical.

This guide gives you the exact steps to take—hour by hour—to protect yourself from identity theft, financial fraud, and ongoing scams.

Print this guide. Save it. Share it with family.

The next breach is probably already happening. Make sure you're ready.

Stay protected.

Was your data exposed in a recent breach? Email us at hello@ausprivacykit.com and we'll help you navigate the response.