PUBLIC NOTIFICATION REGISTER
This page provides details of the public notification of an eligible data breach under the PPIP Act. A public notification is provided when we are unable to notify, or it is not reasonably practicable to notify any or all the individuals affected by the breach directly.
Important information regarding the Muswellbrook Shire Council cyber incident
On 4 December 2024, Muswellbrook Shire Council discovered that it had experienced a cyber incident which involved unauthorised access by a third party to a portion of our IT environment.
Following a detailed review of the data involved, Muswellbrook Shire Council directly contacted individuals whose information was affected.
However, we have been unable to contact a small number of these individuals due to incomplete contact information.
If you think you may be an impacted individual, we outline below what happened, the types of personal information involved, what we have done in response, and the steps you can take to protect this information against potential misuse.
If you think you may be an impacted individual, please contact Council via Council’s enquiry email with details of your full name. Council’s enquiry email is enquiry@council.nsw.gov.au
Please be advised that if you have received a notification previously, this notification does not apply to you and there is no further action you are required to take in response to this incident.
What happened?
On 4 December 2024, Muswellbrook Shire Council discovered that it had experienced a cyber incident which involved unauthorised access by a third party to a portion of its IT environment.
Upon discovery, Muswellbrook Shire Council immediately worked to contain the incident and commenced an investigation into what happened as well as what information may have been impacted.
While this work was underway, we became aware that some of our data had been disclosed online (on 15 December 2024).
Impacted Personal Information
Based on our review, the following information relating to a small number of individuals that we have not been able to contact directly was accessed, downloaded or disclosed online:
- contact information;
- partial Australian drivers licence information (current or expired);
- bank account details (account name, account number, BSB number);
- superannuation number;
- Medicare card information (expired);
- full Australian Passport information (current or expired);
- partial Overseas Passport information (expired);
- citizenship certificate or evidence of citizenship; and
- Centrelink Reference Number (CRN).
If you think you may be an impacted individual, we appreciate that this notification may be concerning. We are committed to providing you with the support and assistance you need.
We set out guidance below on steps that you may want to take in response to this incident, and support services available to you.
What action has Muswellbrook Shire Council taken?
Once aware of the incident, Muswellbrook Shire Council immediately worked to contain the incident and ensure the security of our systems, with support from external experts.
We have treated this incident extremely seriously and have worked as a priority to review the impacted data and understand what information was involved so that we can notify those impacted.
We notified the Australian Cyber Security Centre (ACSC), Cyber Security NSW, the Information and Privacy Commission NSW (IPC), the Office of the Australian Information Commissioner (OAIC) as well as other relevant government agencies and law enforcement authorities of the incident.
What steps can you take to protect your information?
If this notification applies to you, please carefully read this statement and the below ‘Questions and Answers’ section, which provides detailed advice on steps you can take to protect your information against potential misuse.
Should you have any questions once you have reviewed this notification, please do contact our dedicated response team via enquiry@muswellbrook.nsw.gov.au
Review rights
If you are not satisfied with the response in relation to this incident, you may make a privacy complaint and seek an internal review by completing the Privacy Complaint: Internal Review Application Form and returning it to us at enquiry@muswellbrook.nsw.gov.au
You can find more information about privacy internal reviews by visiting the NSW Information and Privacy Commission (IPC) website:
- https://www.ipc.nsw.gov.au/privacy-complaints-your-review-rights
- https://www.ipc.nsw.gov.au/privacy/citizens/make-complaint
You may choose to submit a complaint directly to the IPC via their website www.ipc.nsw.gov.au
Questions and Answers
We recommend you remain vigilant against the risk of phishing emails and scams, which are often the most likely risk associated with any unauthorised access to personal information.
Scam calls and phishing emails are becoming increasingly sophisticated and can appear to come from legitimate phone numbers with local area codes. They will often claim to be calling from a reputable organisation, such as a government entity, bank, or telecommunications agency. They will also create a sense of urgency to try to get you to disclose sensitive information or to elicit funds from you.
There are some steps you can take to help protect yourself against these scams. We recommend you take the following steps:
Contact information (name and/or phone number)
Where a third party has accessed and disclosed your contact information, it is important to:
- be aware of email, telephone and text-based scams. Do not share your personal information with anyone unless you are confident about who you are sharing it with;
- when on a webpage asking for your login credentials, take note of the web address or URL (‘Uniform Resource Locator’). The URL is located in the address bar of your web browser and typically starts with https://;
- if you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Please note that we will never contact you to ask for your username or password;
- enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts;
- ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts;
- check the strength of your passwords and whether they have been involved in any data breaches on the NSW Government password checker website: https://www.nsw.gov.au/id-support-nsw/passwords; and
- follow the Australian Competition and Consumer Commission’s Scamwatch guidance for protecting yourself from scams here: https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams/
For more information, you can visit the OAIC’s tips for further guidance about protecting your identity: https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/ or the IPC’s data breach support page: https://www.ipc.nsw.gov.au/privacy/resources-citizens/data-breach-support
Partial Australian Drivers Licence information (current or expired)
Any unauthorised access to your driver licence number alone does not affect its validity and you are still able to use it for its intended purpose, and as a valid form of proof of identity.
The risk of misuse of a driver licence number alone is low and there is no need to replace your licence.
Bank account details (account name, account number, BSB number)
A BSB and account number do not present a direct misuse risk as they do not allow unauthorised access to your bank account. However, the BSB does identify who the financial institution is, which may make impersonation scam attempts appear more legitimate.
Should you have any concerns, you can do the following:
- review your transaction history and bank account statements for any suspicious activity;
- contact your bank to report this event and flag any suspicious activity identified;
- where available use two-step authentication – such as SMS codes to your mobile phone;
- check your credit report yearly (this alerts you to any attempts to open a credit account in your name). Information about obtaining a credit report is provided below; and
- never respond to, open or click on links in emails purporting to be from your bank (it is always safer to call).
Superannuation membership ID
Your superannuation membership ID by itself cannot be used to allow unauthorised access to your superannuation account. However, you may wish to:
- check your transaction statements closely;
- contact your super fund to report this incident and request to have tighter security on your account, such as adding a security question only you would know the answer to, or a new PIN;
- where available use two-step authentication – such as SMS codes to your mobile phone;
- check your credit report yearly (this alerts you to any attempts to open a credit account in your name); and
- never respond to, open or click on links in emails purporting to be from your superannuation company (it is always safer to call).
Full Medicare card information (expired)
If you’re concerned or you’ve been affected, the easiest way to replace your Medicare card is by using your Medicare online account through myGov.
The Services Australia website contains helpful information about the steps you can take to replace your card.
If you are concerned about the security of your Medicare, Centrelink and myGov accounts, please visit www.servicesaustralia.gov.au/databreach for more information on how you can protect your personal information after a data breach.
Full Australian Passport information (current or expired)
Any unauthorised access to your passport does not affect the document’s validity and you are still able to use it for travel and as a valid form of proof of identity.
However, passport credentials can be used to conduct fraudulent transactions when combined with other forms of identification. As a rule of thumb, the more ID documents available, the easier it is to construct a fake profile for fraudulent purposes.
Where a passport may have been accessed by an unauthorised third party, you may wish to consider replacing your passport by contacting the issuing authority. Before replacing your passport, we recommend that you refer to the data-breach frequently asked questions (FAQs) on the Australian Passport Office website https://www.passports.gov.au/data-breaches
Also please carefully consider the impact of replacing your passport if you are thinking of doing so. Replacing a passport may prevent you from using it as a valid form of ID, obtaining credit for legitimate purposes or affect your travel plans in the short term while a new passport is being issued. Please consider this advice and your own circumstances before deciding to replace your passport.
If your passport expired more than three years ago, or has been replaced, you do not need to replace your passport again.
We also recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. Information about obtaining a credit report or credit ban is provided below.
Partial Overseas Passport Information (current or expired)
Any unauthorised access to your passport number does not affect the document’s validity and you are still able to use it for travel and as a valid proof of identity.
However, a passport number may provide credentials that can be used to conduct fraudulent transactions when combined with other forms of identification. As a rule of thumb, the more ID documents available, the easier it is to construct a fake profile for fraudulent purposes.
Where an overseas passport has been accessed by an unauthorised third party, you may want to consider replacing your passport by contacting the issuing authority or your local embassy.
Also carefully consider the impact of replacing your passport if you are thinking of doing so. Replacing a passport may prevent you from using it as a valid form of ID, obtaining credit for legitimate purposes or affect your travel plans in the short term while a new passport is being issued. Please consider this advice and your own circumstances before deciding to replace your passport.
We also recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. Information about obtaining a credit report or credit ban is provided below.
Citizenship Certificate or evidence of Citizenship
Unauthorised access to your Citizenship Certificate does not affect its validity, and you will still be able to use it for its intended purpose.
However, this document may provide credentials that can be used to conduct fraudulent transactions when combined with other forms of identification. As a rule of thumb, the more ID documents available, the easier it is to construct a fake profile for fraudulent purposes.
Replacing a Citizenship Certificate may not reduce the risk of misuse as it will be reissued with the same registration number. Therefore, we recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. Information about obtaining a credit report is provided below.
If a person is seeking to replace their Australian citizenship certificate, information is provided on the Department of Home Affairs website at: https://immi.homeaffairs.gov.au/citizenship/certificate/get-a-certificate
Centrelink Customer Reference Number (CRN)
Your CRN by itself cannot be used as a proof of identity.
You do not need to request a replacement Centrelink concession card (if you have one).
There is nothing further you need to do. However, if you are concerned about the security of your Centrelink account, you can contact Services Australia to add a verbal password. To increase the security of your online accounts, please consider using strong passwords and multi-factor authentication.
Please visit www.servicesaustralia.gov.au/databreach for more information on how you can protect your personal information after a data breach.
You can apply for an annual free credit report from one of the consumer Credit Reporting Agencies below.
You can also consider contacting the below credit reporting bodies to place a temporary ban on your credit report. This means that they will not be able to share your credit report with credit providers without your consent for 21 days (unless extended).
- Illion: https://www.creditcheck.illion.com.au/
- Equifax: https://www.equifax.com.au/personal/products/equifax-credit-report
- Experian: http://www.experian.com.au/consumer-reports
Additional general resources on identity and cyber security support can be found here:
- https://www.ipc.nsw.gov.au/privacy/resources-citizens/data-breach-support
- https://www.oaic.gov.au/privacy/data-breaches/data-breach-support-and-resources/
- https://www.idcare.org/
- https://www.cyber.gov.au/protect-yourself
- https://www.cyber.gov.au/report-and-recover/have-you-been-hacked
If NSW individuals are concerned about the security of their identity or need additional assistance, they can contact ID Support NSW on 1800 001 040, Monday to Friday from 9:00am to 5:00pm. For more information, please visit nsw.gov.au/id-support-nsw
If you have any other questions, please contact the support team on enquiry@muswellbrook.nsw.gov.au