1) Stay Alert to Phishing Emails, text messages and phone calls
Exercise usual caution when replying to emails, phone calls and text messages. Don’t open suspicious texts, pop-up windows or emails, or click on suspicious links or open unusual attachments. Ensure you thoroughly identify callers and don’t divulge personal information to unknown parties.
2) Beware of attempts of cyber extortion
Cyber extortion is a cybercrime where criminals use threats to intimidate victims into taking specific actions against their will. Beware of attempts from scammers who use a data release on the dark web to demand payment from victims by threatening negative consequences within a specific timeframe.
Do not engage with scammers. Please immediately report any attempts of cyber extortion to: https://www.cyber.gov.au/report-and-recover/report
3) Change your Passwords Regularly
We recommend you change your passwords regularly.
4) Enable Enhanced Security on Bank Accounts
Generally, bank account and BSB numbers cannot be used to access bank accounts but, we recommend you carefully monitor any transactions for any unusual activity. If you detect unusual activity, contact your bank immediately. If you haven’t already, we recommend you enact Two Factor Authentication on all bank accounts; your bank can provide more details.
5) Identification Documents
For individuals who provided ID documents upon opening or to maintain an account, we believe a copy of these documents has been accessed.
This incident does not affect the validity of any driver’s licence or passport, and you are still able to use these documents as a valid form of proof of identity. ID Care can provide you with further guidance around this.
FIIG will reimburse impacted people the cost to replace (not renew) their driver’s licence until 31 August 2023, upon the production of a receipt. FIIG generally does not hold client passport details; in the event we do, we recommend clients activate the DVS passport blocking service; details are provided below. Please contact your relationship manager or call 1800 01 01 81 to confirm the ID documents FIIG holds before replacing them (if you have not already), or with any other questions on ID replacement cost reimbursement.
6) Tax file numbers
To protect your Tax File Number information, you can contact the ATO and ask for additional security measures to be placed on your account (call 1800 467 033 during 8am to 6pm AEDT Monday to Friday).
7) Credit Monitoring
We recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. This is especially relevant if you have also been impacted by other cyber incidents where a broader amount of personal
information has been compromised.
You can apply for an annual free credit report from one of the consumer credit reporting agencies below. You can also consider contacting each of these bodies to place a temporary ban on your credit report. This means that each of these
credit reporting agencies will not be able to share your credit report with credit providers without your consent for 21 days, unless extended. This sharing of your credit report is normally required for somebody to take out credit
using your identity.
8) Information for individuals who may have supplied passport information
Please note: As part of the application process for becoming a FIIG client or maintaining an account, we sometimes require a passport number and, in some instances, a scanned
copy of a passport.
This incident does not affect the validity of any passport for travel purposes. However, to help prevent the digital misuse of your passport information which may have been exposed in the data breach, we can request to put a block on your
passport using the Commonwealth Credential Protection Register (CPR). FIIG can facilitate the CPR registration of your passport through the Department of Home Affairs, and it will no longer verify through the Australian Government
Documentation Verification Service (DVS).
The DVS compares personal information on identity documents against existing government records, such as passports, to help verify identity online.
Clients with passports that have expired in the past three years can consider opting in for this service, as passports that expired within this period can still be used to verify identity.
How can I have my passport DVS blocked?
If you would like to have your passport document number blocked within the DVS service, we need your consent and confirmation of the passport document number to be blocked. Please inform your relationship manager or by calling 1800 01
01 81 by phone with these details – do not provide them in written format via email.
You will need to provide your first name, last name, email, and passport number, which will be supplied to the Australian Government Documentation Verification Service (DVS), and they will block your passport from verifying online.
What does having my passport blocked include?
A blocked passport means that it cannot be used to verify an identity online through the DVS for confirmation of identity checks for government departments and organisations such as banks and telecommunication companies.
Can I continue to use my passport for travel or identity verification?
If you choose to have your passport blocked, you can continue to use your passport to travel and verify your identity in person, including for government or financial services. You can still book international travel with your
passport number online.
Can I have my passport unblocked?
Once blocked in the DVS system, a passport cannot be unblocked. If you replace or renew your passport, your current document will be voided, and your new document (with a new document number) will safely verify through the DVS.
Can I replace a passport blocked in the DVS system?
Yes, if you opt to have your passport blocked, you can still choose to replace or renew this document at a later date. More information on replacement and renewal options is available at www.passports.gov.au/getting-passport-how-it-works/special-travel-documents/replacement-passport
What other documents will I be able to use to verify my identity online via the DVS service?
The DVS service also accepts driver licences and Medicare cards. As long as these documents are not also flagged within the DVS system, they will continue to be able to be used for digital verification. Please note FIIG is
unable to block any documents other than passports within the DVS system, including driver's licences.
Where can I find more information?
For more information on your passport being involved in a data breach, please visit https://www.passports.gov.au/data-breaches
For more information on the Australian Governments Document Verification Service, please visit please see https://www.idmatch.gov.au/our-services
9) Medicare
Medicare Card Copy
A Medicare card copy belonging to you may have been exposed during the cyber incident.
If you’re concerned or you’ve been affected, the easiest way to replace your Medicare card is by using your Medicare online account through myGov.
The Services Australia website contains helpful information about the steps you can take to replace your card:
www.servicesaustralia.gov.au/databreach
If you are concerned about the security of your Medicare, Centrelink and myGov accounts, you can contact the Scams and Identity Theft Helpdesk on 1800 941 126 (available 8am to 5pm AEDT Monday to Friday).
Medicare Card Number (number only, not card copy)
A Medicare card number belonging to you (not a copy of your Medicare card) may have been exposed during the cyber incident.
People can’t access your Medicare details or Medicare account with just your Medicare card number. To reassure you, unlike a scan or copy of a Medicare card, a Medicare card number by itself cannot be used as a proof of identity.
If you are concerned about the security of your Services Australia accounts, you can contact the Scams and Identity Theft Helpdesk on 1800 941 126 (available 8am to 5pm AEDT Monday to Friday).
10) General Recommendations
Other steps you can take to protect yourself from the incident include:
If you need assistance with taking the above steps, please visit cyber.gov.au or contact ID Care on
1800 595 160.