Contact dvs.manager@ag.gov.au if you have any questions about the Document Verification Service (DVS) aspect of a cyber attack.
What the Australian Government is doing to protect your identity
The government is pursuing all possible solutions to protect and reissue victims’ identity documents.
The Australian Federal Police (AFP) investigates the criminal aspects of breaches, often working in partnership with other law enforcement. The AFP also monitors online forums, including the internet and dark web, for criminals trying to exploit breached data.
Services Australia helps if your Medicare card details have been exposed, allowing you to replace your card for free.
If you believe there has been unauthorised activity in any of your Services Australia accounts, contact their Scams and Identity Theft Help Desk.
As part of operating the DVS, the Attorney-General's Department also operates the Credential Protection Register, which stops compromised identities from being used fraudulently.
How the Credential Protection Register protects your identity
If your identity credentials are known to have been compromised, the Credential Protection Register (CPR) stops them from being verified through the Document Verification Service (DVS).
You don’t need to take any action. At the request of the organisation that issued the credentials, the Attorney-General’s Department will upload details of your compromised credentials to the CPR.
We are currently delivering enhancements to the CPR. These enhancements will:
- give individuals greater control of their credentials
- ensure that the register provides a longstanding identity recovery and resilience mechanism for all Australians.
What it means if your credentials are on the Credential Protection Register
If your credentials have been added to the CPR, they will be blocked from being verified through the DVS. This is so they cannot be used for fraudulent purposes. However, you can still use your document for its primary purpose. For example, a blocked passport can still be used to travel overseas.
Check with the organisation that issued your credentials about whether they should be replaced.
You can also:
- consider using alternative credentials
- speak to service providers that ask for identification about other options, such as presenting your credentials in person.
Once your compromised credentials have been replaced, the details on your old credentials stay on the CPR so they cannot be used for fraudulent purposes in the future. Keeping your compromised credential on the CPR has no impact on your ability to verify your new identity documents.
Where to get help if you are a victim of identity crime
Suspected victims of an identity crime can contact IDCARE. IDCARE is the national identity and cyber support service for Australia and New Zealand.
Report a privacy breach
You may hear about a data breach directly from an affected organisation or read about a breach in the media. If you think an organisation has breached your privacy, contact them directly.
If you are not happy with their response, you can contact the following to make a complaint:
In Australia, you should also report the breach to the Office of the Australian Information Commissioner.
Report an identity crime or a scam
If you think you are a victim of identity crime, contact your local police.
You can also get help through the national identity and cyber support service for Australia and New Zealand, IDCARE.
You can report a scam to SCAMWatch or to ReportCyber.
