What Is a Data Breach and What Should Your Business Do About It?
The term "data breach" sounds clinical and corporate — the kind of thing that happens to big banks and tech companies, not a 12-person accounting firm in Brisbane or a family-owned retailer in Perth. But data breaches are increasingly common across businesses of all sizes, and knowing what to do when one happens could save your business.
What is a data breach?
A data breach occurs when sensitive, confidential, or protected information is accessed, disclosed, or used without authorisation. That information might include:
- Customer names, addresses, and contact details
- Financial information (bank accounts, credit card numbers)
- Tax file numbers, Medicare numbers, or other government ID
- Employee records
- Business financial data
Breaches can result from:
- A phishing attack that leads to compromised credentials
- Ransomware that encrypts and/or steals data
- An employee clicking a malicious link and downloading malware
- Unauthorised access to cloud storage
- A physical theft of devices
The phishing connection:
Phishing is one of the most common ways a breach starts. A staff member types their password into a convincing fake login page, and the attacker simply signs in with it. Because that login looks legitimate, the intruder can read, copy and exfiltrate data for days, weeks or even months before anyone notices.
Australia's Notifiable Data Breaches scheme:
Under the Privacy Act 1988, organisations covered by the Act must notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of an "eligible data breach": unauthorised access to, disclosure of, or loss of personal information that a reasonable person would conclude is likely to result in serious harm to any individual, where the organisation has not been able to prevent that harm through remedial action. If you only suspect a breach, the scheme expects you to assess it promptly (within 30 days), and to notify as soon as practicable once you conclude it is an eligible breach.
The scheme applies to businesses with annual turnover over $3 million, and also to smaller businesses in certain categories, including health service providers that hold health information, businesses that trade in personal information, credit providers and credit reporting bodies, and any organisation that holds tax file numbers (for TFN information). Not all SMBs are covered, but many are, and the threshold is lower than most people realise.
Failure to notify can result in significant penalties, and the OAIC can investigate and seek civil penalties for serious or repeated interferences with privacy.
What to do if you suspect a breach:
- Contain the breach immediately. Isolate affected devices from the network rather than wiping or reimaging them, so evidence survives for the investigation. Reset compromised passwords and also sign out every active session for those accounts, because a stolen session token keeps working after a password change. Remove any access, mailbox forwarding rules or new logins that you did not set up.
- Assess the scope. Which accounts and systems were accessed, when did the first suspicious login occur (sign-in history and audit logs answer this), and what data could those accounts reach? Assume anything the attacker could read was copied unless your logs show otherwise.
- Contact your IT provider or an incident response specialist. This is not a situation to manage alone.
- Check your notification obligations. If customer data was involved, speak to a legal adviser about whether you have notification obligations under the Privacy Act.
- Notify affected customers if required. Be transparent, specific, and timely. Explain what happened, what data was involved, and what you're doing about it.
- Report to the OAIC. If you have notification obligations, report as soon as practicable at oaic.gov.au.
- Review and improve. After the immediate crisis is resolved, conduct a post-incident review and implement the controls that would have prevented or limited it, such as multi-factor authentication on email and cloud accounts and regular phishing awareness training.
The lesson
Most breaches are preventable, and a large share start with a phished password. Building staff awareness, backed by multi-factor authentication, is one of your most effective pre-breach investments.
Think you can spot a phish?
Put your knowledge to the test with the Phishbate interactive quiz. It only takes a few minutes.
Take the Quiz →