You have just received that dreaded email or text from your once trusted service provider that your details have been impacted by the most recent data breach. Many organisations will take accountability, some may even apologise for the inconvenience, but rarely will they tell you the next step to recovering and strengthening your privacy. 

When your details have been compromised, it is important to respond quickly and effectively to ensure the security of your other accounts and information. Organisations that must comply with the Australian Privacy Act are required to inform you if a data break involving your personal information is likely to cause you serious harm. The Office of the Australian Information Commissioner (OAIC) has published resources to assist during the recovery process if you have been affected by a data breach. Please follow this link to the OAIC’S website for more information. The OAIC also has further support channels you can access if you have been impacted by a data breach, follow this link for more information.  

Alongside the information provided by the OAIC, please read further for Wesnet’s considerations and recommendations when recovering from a data breach. 

  • Document the incident in your own words and describe the impact of the breach. Continue to document any changes you make to your accounts, this includes taking screenshots and writing down key timestamps. For more information regarding documentation, review our Documentation Tips Handout
  • Review the information that has been compromised by the breach, does this include personally identifiable information (PII)? Such as contact numbers, address, financial information or health information?
    TIP: If your physical address or updated information has been compromised, respond appropriately with safety planning. 
  • Has the compromised account been set up with a third party? For example, did you set this account up with your existing Google, Apple or Facebook account? If so, it is important to secure that account by updating the password to a strong passphrase and update the recovery details. 
  • Consider if this account is linked to any other accounts or third-party services, for example, is it linked to your calendar, photos or contacts?
  • Have you stored the account credentials in a password manager or keychain? We suggest reviewing and either removing or updating this information. 
  • Have you used the same password across multiple accounts? It may be easy to use the same password across all accounts, but this can potentially increase the vulnerability of other accounts when you have experienced a data breach. Update your credentials appropriately, start with critical accounts or essential services. Review our Password Safety Handout for further information and guidance. 
  • Review login activity; the accessibility of this will depend on the account. However this will show if there have been potential log in attempts or suspicious account activity. Set up login alerts where available. 
  • Update all recovery details and ensure these have not changed. 
  • Inform essential services that your details have been compromised in a recent data breach.
    TIP: Many services have a specialised support team for those who are experiencing domestic and family violence or other hardship. Request to be put in touch with a specialised team when reaching out to these services, if one is available.  
  • Check your credit to ensure that it has not been impacted. The OAIC has instructions on accessing your credit report here
  • Closely monitor your accounts for the following days and weeks. If your information has been impacted by a data breach, sometimes your details are shared amongst different networks or illegally sold on marketplaces. Monitor your information and the account activity closely in future.