Source: Privacy Commissioner
Identity fraud (also known as identity theft) involves someone using another individual’s personal information without consent, often for financial benefit.
The risk from this kind of crime which targets our valuable personal information is only going to grow as more aspects of our lives are stored online.
Stolen personal information such as credit card numbers, passport details and birthdates, is often on-sold to malicious actors on the dark web who may use it defraud people or steal their identities.
While organisations trusted with safeguarding people’s personal information need to do so effectively, you can help yourself by taking swift action if you notice anything suspicious.
How will you know if you’ve been affected by a privacy breach?
You may hear direct from an organisation that they have had a privacy, security or data breach, or you may see in the media that an organisation you have given your details to has been breached.
You may start getting suspicious emails, texts, or unusual things happening with your accounts or records. Be particularly cautious of emails from an unknown source.
What should you do if you’ve been affected by a privacy breach?
Anyone who thinks they may have been affected should first contact New Zealand’s national identity and cyber support community service IDCARE on 0800 121 068.
- If your credit card or anything related to your bank has been affected, freeze your cards and accounts immediately and contact your bank about next steps.
- Issues with driver licenses should be referred to Waka Kotahi while passport problems should be managed by contacting the Department of Internal Affairs.
- If your email address was shared, you should change all the passwords for the accounts you have linked to that email address and alert your provider. You might start noticing spoofed emails as well.
Is there a way to check if your data has been leaked?
You may also want to visit Have I been Pwned? to see if your details are there. Several large/public data breaches have been added so the site acts like a repository of data breaches and lets you check to see if your account has been comprised. Note: The Privacy Commissioner is not affiliated with this website, and has not verified the data contained there.
If you find your email address attached to any of the links, and you do not know what information has been released or you only wonder if your information was released, you could consider changing all passwords. You could also run a check with your antivirus software on your computer, smartphone, and other devices with operating systems.
How do you reduce your risk of future breaches?
The simplest thing to do is to not open emails/attachment/links you were not expecting to receive, and not provide personal details, including financial information/credit card numbers to people or websites you can’t trust or verify. You could also try the following:
Change your passwords
- Change your email account passwords. Make sure you have strong passwords that you haven’t used for other accounts. If you emailed yourself online account passwords, such as your online banking password, change these as well.
- Enable multi-factor authentication for your email accounts where possible.
Take care with emails
- Know how to spot a scam. Scamwatch has help on protecting yourself from scams. If your name and contact details were involved in a data breach, a scam email might be personalised and address you by name.
- Ensure you have up-to-date anti-virus software installed on any device you use to access your mails.
- Don’t open attachments or click on links in emails or social media messages from strangers or if you’re unsure that the sender is genuine.
Take care on phone calls
- Don’t share your personal information until you are certain about who you’re sharing it with. If someone calls you and claims to be from an organisation or agency, you can hang up and call the organisation or agency back using publicly available contact details from their website or the phone book.