Skip to navigation Skip to content

Third party Data Breach 104-19010804



For the Scams and Identity Theft Helpdesk (SAITH) staff only.

This document outlines the process for staff when identifying and escalating a third party Data Breach.

Actioning advice of a third party data breach

Step

Action

1

Scams and Identity Theft Helpdesk receives advice of a third party Data Breach + Read more ...

Is the Helpdesk already aware of the third party data breach?

  • Yes, go to Step 2
  • No:
    • Request the customer provide a copy of the breach notification to the Helpdesk email address
    • Forward the email to the Identity Security, Scam and Response Team using the email template (complete as much information as known)
    • Go to Step 2

2

What personal information is at risk? + Read more ...

Did the third party data breach include any Centrelink, Medicare, Child Support or myGov information?

3

Third party Data Breach involving Services Australia credentials + Read more ...

Encourage the customer to:

  • follow the advice provided by the third party in their breach notification, and
  • review the information for individuals published by the Office of the Australian Information Commissioner

Check the customer's records, including myGov (as necessary) for suspicious activity. If appropriate, discuss and offer additional security. See Table 2 Additional security advice for Services Australia in Advice of a scam or theft/loss of personal information.

4

Third party Data Breach involving other identity credentials + Read more ...

Encourage the customer to follow the advice provided in the third party breach notification and review the information for individuals published by the Office of the Australian Information Commissioner (OAIC). The Resources page has a link to OAIC.

Although the third party breach does not include Services Australia credentials, discuss additional security and offer to minimise the risk of Identity Fraud.

See Table 3 Additional security advice for external organisations in Advice of a scam or theft/loss of personal information.