What should I do if a company leaks my information in Australia?
Immediately secure your accounts, assess the leaked information, and report the incident to the Office of the Australian Information Commissioner (OAIC). This helps protect your identity and privacy, and initiates a formal investigation.
How it works in practice
Understanding a Data Leak
A data leak, also known as a data breach, occurs when personal information held by an organisation is accessed, disclosed, lost, or compromised without authorisation. This could include names, addresses, financial details, health records, or other sensitive data. Companies in Australia have legal obligations under the Privacy Act 1988 to protect your personal information.
Your Rights and Protections
If a company leaks your information, you have specific rights under the Notifiable Data Breaches (NDB) scheme. Organisations must notify affected individuals and the OAIC about eligible data breaches that are likely to result in serious harm. This notification allows you to take steps to protect yourself from potential identity theft or fraud.
Role of the OAIC
The Office of the Australian Information Commissioner (OAIC) is the national regulator for privacy and freedom of information. They oversee the NDB scheme and can investigate complaints about how companies handle personal information, including data breaches. They provide guidance and resources for individuals affected by data leaks.
Important exceptions
Not all data leaks are immediately covered by the Notifiable Data Breaches (NDB) scheme. Only "eligible data breaches" – those likely to result in serious harm to individuals – require mandatory notification.
Minor breaches with minimal risk to individuals may not trigger notification requirements. Additionally, the Privacy Act generally applies to Australian Government agencies and most private sector organisations with an annual turnover of $3 million or more. Smaller businesses may have different obligations.
What you should do now
- Change passwords for all affected online accounts and enable multi-factor authentication where available.
- Review financial statements and credit reports regularly for any suspicious or unauthorised activity.
- Contact the company responsible for the leak to understand what information was compromised and what steps they are taking.
- Report the data leak to the Office of the Australian Information Commissioner (OAIC) to log a formal complaint.
- Consider placing a ban or alert on your credit file with credit reporting bodies to prevent identity fraud.