What to do when you are notified of a data breach?

Recently, a member brought to our attention that Coles had advised individuals who had applied for jobs with them online may have had their personal data breached.  The statement indicated that their HR technology provider, ‘PageUp,’ had advised Coles on 5 June that an “unauthorised person gained access to PageUp systems and personal data relating to clients, job applicants, references and PageUp employees”.  Coles explained that they had since taken steps to secure the data and also work with the Australian Government’s agencies to understand the extent of the issues, appropriate risk management strategies and data protection options.

This sort of notification is obviously concerning to individuals and potential victims are commonly left wondering what to do with this advice.  In this instance, Coles specifically stated TFN details had not been breached; however, if there are any concerns about stolen or misused Tax File Number’s (TFN), this should be reported to the ATO Client Identity Support Centre on 1800 467 033.  If you think other identity information may be compromised individuals should call the ATO IDCARE team on 1300 432 273.


Other concerns relating to identity theft involve access to personal information that would allow a perpetrator to access credit against the stolen profile.  The safest way to manage the risk against this is to organise credit reports that show activity against an individual’s name. More information is available on the
ASIC website.