Lost or Stolen Device Response for Melbourne Families: The First 24 Hours After a Phone, Laptop, or Tablet Goes Missing

Your teenager left their phone on the tram. Your mum’s iPad was taken from a café in Carlton. Your partner’s work laptop is somewhere between the airport and the Uber, and nobody is sure which. The device itself is replaceable — but the email account signed in on it, the banking app, the saved passwords, the photos of the kids, the Medicare card in the wallet app, and the messages from the school portal are not. Lost or Stolen Device Response from Cyber by Exegesis is the engagement that walks a Melbourne family through the first 24 hours, in the right order, before a lost device turns into a data breach.

The problem

A modern phone or laptop is not one account — it is twenty. Email, iCloud or Google, banking, MyGov, Service Victoria, Apple Pay, the kids’ school logins, social media, password managers, and whatever messaging apps the household uses. When a device walks out the door, every one of those accounts is a separate decision: wipe now or wait, change the password or rotate the recovery method, report to police or not, tell the bank or not, tell the school or not.

ACSC’s guidance for individuals and families is clear that the response sequence matters — wiping a device before you have recovered access to the email account behind it can lock you out of your own life. Most families discover this at 11pm on a Sunday with a crying child and a half-charged backup phone. And if the lost device held personal information belonging to others — a small business’s customer list on a parent’s work laptop, a sporting club’s roster on a volunteer’s phone — the OAIC Notifiable Data Breaches scheme may be in play, with notification obligations that have to be assessed in days, not weeks.

What Lost or Stolen Device Response does

Cyber by Exegesis runs a fixed-scope triage engagement for households that have just lost a device, or want a documented plan ready before they do:

• A pre-loss baseline (if engaged before an incident): a written inventory of which devices belong to whom, which accounts are signed in on each, and which recovery methods exist for each account.
• A live triage call when a device is lost or stolen — we sequence remote wipe, account recovery, and password rotation in the right order so you do not lock yourself out of the email account you need to recover the others.
• Account-recovery sequencing across the major Australian household stack: Apple ID, Google, Microsoft, MyGov, the big four banks, Medicare, and the major Australian telcos.
• Report-to-police support — what to say, which Victoria Police channel, and how to get the event number your insurer will ask for.
• Insurance-claim and OAIC-assessment support — including a written assessment of whether the lost device meets the threshold for an eligible data breach under the NDB scheme if it held information about others.
• A short written report covering what was changed, what was wiped, and the 30-day account-monitoring window.

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind DRMO. Our scope here is response and recovery for households. We are not your phone carrier and we are not the police; we coordinate the steps the family has to take and document them properly.

How it works

1. You call or message the waitlist contact and we open the triage on a 30 to 60 minute video call, usually within hours of the device going missing.
2. We confirm what was on the device, who it belonged to, and whether any third-party personal information was stored or accessible.
3. We sequence the account recovery and remote-wipe actions in the right order, working through them with you live, on whichever spare device you have.
4. We help draft the police report and the insurance notification, and assess whether an OAIC notification is required.
5. We send the written report, set the 30-day monitoring window for Scamwatch-style follow-on attempts, and check in once at 30 days.

Why this matters in Melbourne

Melbourne households move devices through trams, trains, schools, cafés, and shared offices every day, and Victoria Police lost-property data consistently reflects the volume. The risk is not unique to Melbourne — but the combination of dense public transport, a large student population, and a heavy concentration of small businesses run from home means a lost device in a Melbourne household is disproportionately likely to hold both family data and someone else’s personal information. That second category is the one that triggers OAIC NDB obligations, and the one most families do not realise they are carrying until the device is already gone.

Sources

• ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
• OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
• ACCC Scamwatch (for follow-on scam attempts after a device loss): https://www.scamwatch.gov.au/
• eSafety Commissioner (for image-based or child-safety concerns where a child’s device is involved): https://www.esafety.gov.au/
• Cyber by Exegesis — Lost or Stolen Device Response (waitlist)

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Lost or Stolen Device Response for Melbourne families

We are sequencing engagements by household device mix (Apple-first households first, mixed Apple/Android/Windows second). Join the waitlist with a rough device count and platform mix — we will tell you when we are ready to take a brief from your household, and we will hold a same-week response slot for waitlist members.