Helpious LogoHelpious

What should I do if my identity documents are exposed online in Australia?

Answer

Act immediately to secure your personal information if your identity documents are exposed online in Australia. You must contact the issuing agency to cancel and replace the documents, notify your financial institutions, and report the breach to relevant authorities to prevent identity theft.

IDCARE - Australia's National Identity & Cyber Support Service
R
Robert JasonContent Researcher
Verified
Last UpdatedMay 3, 2026

Was this helpful?

15 readers found this helpful

How it works in practice

Immediate Threat Mitigation

When your identity documents—such as a driver's licence, passport, or Medicare card—are exposed online, you are at a high risk of identity theft. Cybercriminals can use this information to open fraudulent bank accounts, apply for credit, or impersonate you across various services.

Securing Your Finances

The first critical step is to alert your bank and any financial institutions where you hold accounts. They can place a temporary freeze or elevated security flags on your accounts to prevent unauthorized transactions. You should also request a free credit report from major Australian credit reporting bodies like Equifax, Experian, or illion to check for unauthorized applications.

Replacing Compromised Documents

You must contact the specific government agencies that issued the exposed documents. For passports, notify the Australian Passport Office immediately so they can cancel it and issue a new one. For driver's licences, contact your state or territory transport authority to have the card reissued with a new card number. This renders the exposed document virtually useless for official verification purposes.

Important exceptions

Not all identity document exposures carry the exact same level of risk, and the necessary response can vary depending on the specific information breached.

If only partial information is exposed, such as a name without a date of birth or a document number without the corresponding card verification code, the immediate risk of full identity theft may be slightly lower.

Additionally, replacement fees for compromised documents generally apply. However, if the exposure was the direct result of a major corporate data breach (like a telecommunications or healthcare provider hack), the responsible company or the government may waive or reimburse the replacement fees for affected customers.

What you should do now

  1. Contact your bank or financial institutions immediately to secure your accounts and monitor for suspicious activity.

  2. Reach out to the issuing government agency (e.g., Australian Passport Office or state transport authority) to cancel and replace the exposed documents.

  3. Request a ban on your commercial credit report through Equifax, Experian, or illion to prevent cybercriminals from taking out loans in your name.

  4. Contact IDCARE, Australia's national identity and cyber support service, for free, expert case management and advice.

  5. Report the data breach or cybercrime to the Australian Cyber Security Centre (ACSC) via their official ReportCyber portal.

Expert Notes

No expert notes have been added to this question yet.

People also asked

Explore highly relevant questions and get instant verified short answers.

Can't find an answer?
Submit your question below. If we publish an answer, it will appear in the "People also asked" section on this page.

We'll notify you if your question is answered. We won't use your email for anything else.