Privacy Breach

What is a privacy breach?

A privacy breach is an incident where personal information is accessed, disclosed or lost without authorisation. If a data breach by an organisation covered by the Australian Privacy Act is likely to cause you serious harm, you must be notified under Australia’s Notifiable Data Breaches scheme. The Privacy Act applies to Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.

What does "privacy" mean?

Privacy relates to any rights you have to control your personal information and how that information is used. Your information is stored in a lot of places these days, especially digitally. This includes information held by government agencies, health care organisations, financial institutions, social networking platforms, computer-app makers, and many other places.

Why are criminals interested in personal data?

Even if you think you’re the most average of people, your information still has a lot of value. That’s why cybercriminals often target organisations where they can harvest personal data resulting in a privacy breach. They can use the data they illegally acquire to commit further crimes like identity theft or selling it on the dark web. Identity theft can also negatively impact your credit score rating, so it’s essential to be vigilant and respond quickly when you hear of a privacy breach that will affect you.

There’s not much you can do to prevent them from happening when you’ve trusted the organisation’s security in storing your information. You can, however, trust that organisations covered by Australia’s Privacy Act are required to inform you as soon as they are alerted of the privacy breach.You may be told about a notifiable data breach directly, such as by email or by the organisation. By acting quickly, you can reduce your chance of experiencing harm. You should also keep a record of any action you’ve taken or assistance you’ve received. This may be useful if you experience harm as a result of a data breach such as ID theft.

What causes a privacy breach?

Some of the situations that can result in a privacy breach are set out below.

Malware. This is the term used to describe malicious software that was installed on your computer without your approval, allowing hackers to access your computer system and potentially other connected systems.

Digital backdoors. Just as physical doors can be breached if someone really wants to get into your house, so too can digital backdoors on applications be breached by hackers. Digital backdoors are a way of accessing your computer system or encrypted data which bypasses your system's standard security mechanisms.

Permissions. Organisations will often have layers of permissions, allowing staff to access different levels of information depending on their security clearance. If these aren't regularly updated, they can be exploited, such as if an ex-employee continues to access the organisation’s data after termination.

Data leak. This can occur when the privacy breach is instigated by someone working within the organisation holding the information.

Physical security. It doesn’t take much for a USB stick containing sensitive files to go missing.

Mistakes. We’re all human, and errors, unfortunately, happen.

Privacy breaches can pose a considerable risk to you, but you can take measures to mitigate any potential harm.

How to protect yourself from a breach of privacy?

While organisations you’ve given personal details to are usually outside your sphere of influence, there are a few things you can do to protect yourself if you find out your details have been compromised in a privacy breach.

• Ensure you have up-to-date anti-virus software installed on any device you use to access your emails.
• Don’t open attachments or click on links in emails or social media messages from strangers or if you’re unsure that the sender is genuine.
• Don’t share your personal information until you are certain about who you’re sharing it with. If someone calls you and claims to be from an organisation or agency, you can hang up and call the organisation or agency back using the publicly listed number on their website.
• Change your online banking account passwords to something strong that you haven’t used before and periodically change your PINs. When updating your internet banking passwords, go to the financial institution’s website directly by typing their web address into your web browser.
• Enable multi-factor authentication for your accounts if it’s available. Multi-factor authentication asks you to confirm your identity with two or more pieces of evidence, such as a password and a security code sent to your mobile phone. Using this makes it more difficult for someone to gain access to your personal information.
• Monitor your account transactions online and any paper account statements after being notified of a privacy breach. If you spot any purchases you didn’t make, report these immediately to your financial institution.
• Check your credit report to see if it includes any unauthorised loans or applications. Credit reporting bodies may hold different information about you, so you may need to request a copy of your credit report from all three credit reporting bodies in Australia, including Equifax.

If you suspect identity fraud or a case of stolen identity, you can request a ban on your credit report. We recommend that you make the request to all three credit reporting bodies in Australia, as we may hold different information about your credit history.When it comes to a privacy breach, while you can’t control when it happens, you can help mitigate the harm to yourself and your loved ones. Contact Equifax to obtain a copy of your credit score today.

If you are experiencing harm caused by a privacy breach, contact IDCARE – Australia’s national identity and cyber support service – and get advice from an identity and cybersecurity counsellor. You can contact their Australian National Case Management Centre at 1800 595 160, from Monday to Friday: 8.00 a.m. to 5.00 p.m. AEST.