What to do if your lender gets hacked

Non-bank lender Firstmac has become the largest major organisation to be hacked, following high-profile cybersecurity breaches at Optus and Medibank.

If a lender or any other organisation that holds your personal details has been hacked, you should change all your online passwords – particularly those for your bank, email and social media accounts – and set up two-factor authentication.

It would also be smart to ask the three major credit reporting bureaus, Equifax, Experian and Illion, to place a ban on your credit report, which is free and simple to do. During the ban period, the credit bureaus won't use or disclose any information from your credit report, which means fraudsters won't be able to open accounts in your name or gain access to your personal details.

Secure your devices, check your accounts

For further protection, take steps to secure your devices, including phones, laptops and smart TVs. That includes installing high-quality antivirus software, protecting your phone with a PIN or biometrics, and making sure your phone automatically locks after a short period of inactivity.

Check your bank, email and social media accounts for suspicious activity – if any is found, report it to cyber.gov.au. Also, notify your contacts so they know to be wary of messages being sent in your name.

Finally, monitor announcements from the affected organisation and the authorities, so you understand the situation and can make informed decisions about how to respond.