ACSC – how to handle a data breach

Useful tips for clients that may be facing cyber issues

ACSC – how to handle a data breach


By Roxanne Libatique

With many Australian organisations becoming victims of cyber incidents over the recent years, the Australian Cyber Security Centre (ACSC) offered some tips that you can share with your clients when a data breach incident occurs.

Six top tips, according to the ACSC, include:

  • Get to know the details
  • Be aware of scams
  • Protect your accounts
  • Protect your identity
  • Secure finances
  • Check for unauthorised activity

Know the details

Direct notifications of a data breach include the type of information potentially breached.

ACSC advised customers to contact the affected organisation or visit the affected organisation's website to look for official announcements and steps to take. Consumers may also use the ASCS's “Have you been hacked?” tool, which tells the steps to take to secure finances, accounts, emails, and other personal information.

Be aware of scams

Scammers might take advantage of a cyber breach incident by posing as a representative of the affected organisation via email, text, or phone.

“For example, you may receive an email asking you to reset your password because it was compromised. Do not use the links or contact details provided in the message or email. Visit the official website and log in to your account, or call their phone number,” the ACSC said.

Protect your accounts

ACSC advised customers to change their passwords and review their security settings. If the password has already been compromised in the incident, affected customers must reset their other accounts that use the same password as soon as possible.

Protect your identity

Data breach incidents could lead to identity theft. Therefore, ACSC advised customers to visit the website of IDCARE – the national identity support service of Australia and New Zealand – and complete the “Get Help Form,” or call 1800 595 160 to access IDCARE's Identity and Cyber Security Case Managers.

Meanwhile, customers whose identity has been stolen may apply for a Commonwealth Victims' Certificate, which helps support the affected individual's claim that they have been a victim of identity theft and can be used to establish their credentials with governments and financial institutions.

Secure finances

A data breach could impact personal and financial information.

ACSC said: “Contact your bank or financial institution immediately. Follow their guidance on securing your account and freezing any affected accounts or cards.

“If you are not satisfied with the response from your bank, you can seek free advice from the Australian Financial Complaints Authority (AFCA). If you have lost money, do not accept offers from third parties to help you get it back – this is a common tactic used by scammers to steal more money from you.”

Check for unauthorised activity

ACSC advised customers to continue to check and monitor for unauthorised activity after receiving data breach notifications from the affected organisation.

Red flags include:

  • social media posts in the customer's name;
  • private messages, texts, or emails in the customer's name;
  • unauthorised purchases;
  • automatic transactions that have been set up without the customer's authorisation; and
  • changes to financial or banking details.

“Be aware that if a person accesses your account, they may be able to hide their activity, for example, by permanently deleting messages they sent in your name,” ACSC said.

Last month, Verizon Business's latest Data Breach Investigations Report (DBIR) warned that the frequency and cost of cyberattacks have been alarmingly rising, with over a third of Australian organisations (36%) having experienced a data breach in the recent months.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!