Lost or Stolen Device Response for Brisbane Families: The First 24 Hours After a Phone, Laptop, or Tablet Goes Missing

Your daughter’s phone was lifted from a café table in Fortitude Valley. Your dad’s iPad has not been seen since the last family lunch and he is not entirely sure when. Your partner’s work laptop is somewhere between the airport and home. Whatever the device, the panic is the same — and the question underneath it is the one most families do not have a plan for: what is actually on that device, and who can now reach it? Lost or Stolen Device Response from Cyber by Exegesis is the engagement that walks a Brisbane household through the first 24 hours methodically, before guesswork becomes a data breach.

The problem

A modern family device is not just a device. It is a signed-in session to email, banking, MyGov, photo libraries, messaging apps, password managers, work accounts, and — for parents managing older relatives — sometimes a second household’s accounts as well. When that device walks off, the attacker does not need to break encryption. They need the lock screen to be weak, an SMS code to land on a SIM they can read, or a recovery email they can intercept.

The ACSC’s guidance for individuals and families is clear on what good looks like before the event: strong device passcodes, multi-factor authentication that is not just SMS, and Find My / Find My Device enrolled. The harder problem is the sequence after the device is gone. Which account do you rotate first? When does this become an OAIC-notifiable data breach for the small business your partner runs from that laptop? Do you report it to police now or later? Most families do the steps out of order, miss two of them, and only realise weeks later that an account was quietly accessed.

What Lost or Stolen Device Response does

Cyber by Exegesis runs a fixed-scope engagement triggered the moment you call:

• A remote-wipe and device-lock walkthrough across iCloud Find My, Google Find My Device, and Microsoft Find My Device — whichever applies to the missing hardware.
• An account-recovery sequence prioritised by blast radius: primary email first, then MyGov and banking, then password manager, then social and messaging.
• A password and session rotation plan covering the accounts that were signed in on the device, with MFA re-enrolment away from SMS where the account supports an authenticator app or passkey.
• A police report and insurance support pack — what to include, what report numbers your insurer will ask for, and the QPS online reporting path.
• An OAIC Notifiable Data Breaches assessment if the device held personal information for a small business, a community group, or a professional role — we help you work out whether the threshold has been met and what notification looks like.
• A short written record of every account touched, every credential rotated, and what to watch for over the next 30 days.

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. Our scope here is response triage for households, not ongoing managed IT.

How it works

1. You contact us via the waitlist response channel. We confirm the device type, who it belonged to, what accounts were signed in, and whether anyone has already tried recovery steps.
2. We start a remote-wipe or lock attempt where the device is still online, and capture the last-known location if the platform provides one.
3. We walk you through the account-recovery sequence in priority order — one account at a time, on a known-clean device — rotating credentials and re-enrolling MFA as we go.
4. We help you file the QPS report and prepare the insurer pack, and assess whether the OAIC NDB scheme is engaged.
5. We send a written record of the actions taken and a 30-day watchlist of accounts and signals to monitor.

Why this matters in Brisbane

Brisbane families move between home, school pickup, work, and the river city’s cafés and transport with the same devices that hold the household’s entire digital life. Device theft and loss in inner-city Brisbane and along the busway and rail corridors is steady and unglamorous, and ACCC Scamwatch reports show that follow-on scams — SIM swap attempts, “your account has been accessed” phishing, fake parcel notifications timed to a recent address — frequently arrive in the days after a device goes missing. A Brisbane family that runs the recovery sequence in the right order, in the first 24 hours, closes the window most attackers depend on.

Sources

• ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
• OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
• ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
• eSafety Commissioner (for follow-on harms affecting children in the household): https://www.esafety.gov.au/
• Cyber by Exegesis — Lost or Stolen Device Response (waitlist)

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Lost or Stolen Device Response for Brisbane families

We are sequencing engagements by device ecosystem (Apple households first, mixed Apple/Android/Windows second) and by household composition. Join the waitlist with your device mix and whether the household includes children or older relatives — we will tell you when we are ready to take a brief.