Did You Know 2022

Socially Engineered Security Risks Series

Did You Know That You Can Check If Your Personal Information Has Been Breached?

Authored by David Carroll 

While the media has moved on to other news, the Optus Breach and its investigation are still ongoing. We still don’t have clear details on what occurred and exactly what was taken.  

Perhaps this has you wondering if your information may have been breached previously and you were not informed. Or maybe you are wondering how much of your personal data has been leaked on the internet. 

For this week’s post, I thought it might to helpful to expand on my Optus Breach post and provide a step-by-step for checking if your personal information may have been exposed in a data breach. 

How many breaches are there in Australia each year?  

There is no mandatory register of breaches in Australia. While some legislation such as the Notifiable Data Breach Scheme, and the recently updated Critical Infrastructure Act, have some mandatory reporting requirements, there is no public register of breaches where you can query to see if you are at risk.  

There are some online sources where public breaches are listed, but these are by no means authoritative or complete. The Australian Insurer Webber Insurance maintains a list of Australian beaches, which you can access here.  

Some of the notable breaches on the list include: 

  • Victorian Government 
  • Deakin University.  
  • Woolworths 
  • iCare 
  • Department of home affairs 
  • NDIS 
  • Transport for NSW 

In my opinion, though, a better source of breaches is the site Have I Been Pwned, a site created by Australian web security consultant Troy Hunt.  

Pwnd

Troy’s site analyses information from hundreds of breaches and millions of compromised accounts. Troy gathers the data after it is posted on the dark web and traded by criminals.

The site is highly trusted and is even used commercially by password managers such as 1password and breach watch services to track and notify people when their information may be found on the dark web.

The site lets you enter an email address or a phone number to find out whether it has appeared in any of the data breaches the site tracks. Then you can change your passwords and take other steps to protect yourself.

How Can I Check If My Data Has Been Breached?

Pwnd 2

Search for Your Information
The primary function of Have I Been Pwned is to tell you whether your information has been compromised. Open your web browser and type in https://haveibeenpwned.com/. Once on the site, enter your email address or phone number into the search box, and you’ll get a list of data breaches tied to those details. The site also provides information such as:

  • When each data breach occurred;
  • The name of the company or site;
  • What data was compromised,
  • How the breach was discovered; and
  • How many accounts were involved.

Sign Up for Notifications 
You can sign up to receive an email notification whenever your personal information is found in a new data breach. That’ll allow you to take steps to minimise the risk of fraud or identity theft, such as changing your password on that account—and any other accounts where you used the same password.

Pwned3

What Do I Do If I Find My Information Leaked In a Breach?

Pwned 4
Pwned 5

If you are worried about the security of your pharmacy systems and want to know you can improve your pharmacy security, speak to your Corum Customer Success Manager or contact us on 1300 669 865.