Skip to navigation Skip to content

Third party Data Breach 104-19010804

Expand/Collapse all sectionsExpand all



For the Scams and Identity Theft Helpdesk (SAITH) staff only.

This document outlines the process for staff when identifying and escalating a third party Data Breach.

Actioning advice of a third party data breach

Expand table

Step

Action

1

Scams and Identity Theft Helpdesk receives advice of a third party Data Breach

Is the Helpdesk already aware of the third party data breach?

  • Yes, go to Step 2
  • No:
    • Request the customer provide a copy of the breach notification to the Helpdesk email address
    • Forward the details via email to Identity Security and Scams using the email template (complete as much information as known)
    • Go to Step 2

2

What personal information is at risk?

Did the third party data breach include any Centrelink, Medicare, Child Support or myGov information?

3

Third party Data Breach involving Services Australia credentials

Encourage the customer to:

  • follow the advice provided by the third party in their breach notification, and
  • review the information for individuals published by the Office of the Australian Information Commissioner

Check the customer's records, including myGov (as necessary) for suspicious activity. If appropriate, discuss and offer additional security. See Advice of a scam or theft or loss of personal information.

4

Third party Data Breach involving other identity credentials

Encourage the customer to follow the advice provided in the third party breach notification and review the information for individuals published by the Office of the Australian Information Commissioner (OAIC). The Resources page has a link to OAIC.

Although the third party breach does not include Services Australia credentials, consider offering advice from Identity Fraud.

See Table 4 in Advice of a scam or theft or loss of personal information.