Compromised? How to recover from a data breach and protect yourself from scammers

By COBA

Data breaches have become a sad reality of modern life, creating a goldmine of personal information that scammers exploit with both immediate and long-term strategies. According to the Office of the Australian Information Commissioner (OAIC), Australia had a record number of data breaches in 2024.

“Scammers use the stolen data for targeted fraud and identity theft,” explained Martin Latimer, COBA’s Head of Financial Crimes and Cyber Resilience.

“Even if the information isn’t used immediately, it can be sold and resold for future attacks, making it crucial to be vigilant both in the immediate aftermath and ongoing if your data has been leaked in a data breach.”

To help you stay safe, COBA’s financial crimes team shares expert tips on what to do if your data has been leaked and how to protect yourself from scammers.

If you’re notified that your data has been compromised, you should immediately secure your accounts.

“If the notification you receive mentions a compromised email account, change the password at once. If an impacted website is mentioned, change your login password and on any other sites where you might have reused it,” Latimer advises.

This leads to his next piece of advice: password best practice.

“We know how tempting it is to use the same password everywhere, but it’s your biggest security risk. Every single account needs its own unique, strong password. A password manager can make this surprisingly simple,” he says.

He also strongly recommends adding layers of protection to your most sensitive accounts, including activating two-step verification (also known as two-factor authentication, or 2FA) for your personal email and all other online accounts.

Following a data breach, it’s important to check your email regularly for alerts and notifications about your accounts.

Monitor for unusual account activity, such as unauthorised logins, unexpected password reset notifications, and a sudden increase in the number of phishing emails. These are all signs that you could be the victim of a new data breach or that details from an old one have been sold.

When there has been a data breach, scammers will use the compromised information to launch targeted attacks, so it’s crucial to stay alert.

“Scammers use stolen contact details to launch phishing attacks via email, text message, or phone call. They might impersonate the organisation that was breached, or they may use the name of a trusted entity or a government agency. The aim is to get you to share your private information, or to click on a link,” Latimer explains.

If a sender or caller claims to be from a company, Latimer advises verifying their identity by contacting the company on a number you have sourced yourself from its official website. Never provide your online account passwords, or any personal or financial information, to unsolicited callers or contacts.

  • STOP – Don’t give money or personal information to anyone if you’re unsure. Scammers often create a sense of urgency to pressure you.
  • CHECK – Ask yourself if the call, text, or email could be fake. Scammers are experts at impersonating organisations you know and trust.
  • PROTECT – If you suspect an impersonation scam, terminate contact with the suspected scammer and call the genuine person or organisation on a number you have obtained yourself from a trusted source.

Reporting a scam is important to protect others and stop these criminals. Report the scam to the National Anti-Scam Centre – Scamwatch.

Customer-owned banks are dedicated to safeguarding their customers from scams and frauds and have joined forces with the wider industry to establish the Scam-Safe Accord. This initiative represents a united front against scammers and reinforces the banking sector’s determination to strengthen consumer protection. Find out more about the Scam-Safe Accord here.
