Guide - You have been told your information has been breached
Read the document below or download it here: Guide - You have been told your information has been breached June 2025
When a NSW agency, local council, university or State-Owned Corporation contacts you and tells you that your personal information has been involved in a data breach, there are steps you will need to take to help keep yourself safe.
By taking these steps, you can protect yourself from identity theft, scams and fraud.
You need to carefully read all notifications made to you about a breach. They should include the types of personal information that was affected. This document will provide more information about what you should know when you are contacted and why taking these steps matters in protecting you and your privacy.
What should you do next:
| What information? | What should you do now? | Why it matters |
|---|---|---|
|
Identity information such as:
|
Regularly check your credit card and bank statements for odd transactions Monitor your credit report. Credit reports are free from credit reporting agencies If you see unusual activity and suspect fraud, you can ask for a temporary credit ban |
Your identity information can be used for identity theft and financial crime
|
|
Credit card or bank account information such as
|
Check your online account or statements - contact your bank immediately if you find any transactions or transfers that you did not make Cancel or suspend your credit or debit card via your online banking account Phone or visit your bank and request a new credit or debit card |
Thieves could use your information to make purchases or transfer money from your account |
| Your phone number |
Look out for scam calls or text messages Don’t share your personal information over the phone unless you are certain about who you are sharing it with If someone calls you and claims to be from an organisation or an agency, hang up and call them back using the phone number from their website Do not click on links in text messages or provide your log-in information |
Scam calls and text messages can provide thieves with access to your accounts and more of your personal information |
| Email address or password |
Change your email account password Try to make your password at least 12 characters, combining uppercase and lowercase letters, numbers, and symbols |
Someone may use your email address to send fake emails from you to your family or friends to:
Your email may contain valuable information about you that someone could use to steal your identity or commit fraud
|
| Driver licence |
You may need to replace your driver licence. Contact Service NSW or Transport for NSW for advice on whether you need to request a new driver licence |
Your licence number and card number can be used for identity theft |
| Passport | Contact the passport office to cancel your passport and apply for a new passport | Your passport information can be used for identity theft and financial crime |
|
Log-in or password information for your MyService NSW account
|
Reset your password and PIN Set up multi-factor authentication If your account has been accessed, you can deactivate your account and create a new one Call or visit Service NSW for advice or assistance with any of these steps |
Thieves could access your MyService account, get more of your personal information and fraudulently apply for government services, vouchers or rebates in your name. |
|
Log-ins or passwords for accounts like online banking, email, utilities and social media
|
Re-set your password If available, set up multi-factor authentication Avoid using the same password on multiple online accounts
|
Someone could access your accounts and:
|
For more information and support visit the Information and Privacy Commission’s website (www.ipc.nsw.gov.au/data-breach-support), contact ID Support NSW (www.nsw.gov.au/id-support-nsw), or IDCare (www.idcare.org).
