Identity Theft Response for Perth Families: A Structured Plan When a Data Breach Exposes Your Household

You get the email at 9pm — a service your family used three years ago has been breached, and your name, date of birth, driver’s licence number, and Medicare number are in the dump. Maybe it is just you. Maybe it is also your partner, and the kids’ details that you handed over when you booked that holiday, and your mum’s because you set up her account on the same login. You do not know what to do first, and the advice you find online is contradictory, US-centric, or assumes you are a single adult with one bank account. Identity Theft Response from Cyber by Exegesis is the engagement designed to give a Perth family a single structured plan to work through — in the right order, with the right Australian agencies.

The problem

When personal information is exposed in a data breach, the OAIC Notifiable Data Breaches scheme requires the breached entity to notify affected individuals — but the notification tells you that you are affected, not what to do next. The actual response work falls on you: contacting IDCARE for a tailored case plan, applying credit-file bans with each of the three credit bureaus, notifying the ATO so your tax file number cannot be used to file a fraudulent return, telling each bank’s fraud team, and rotating credentials on every account that reuses the exposed email and password.

For a family, that workload multiplies. ACSC guidance for individuals and families consistently emphasises that a shared device, a shared email, or a recycled password turns one person’s breach into the whole household’s exposure. The ACCC Scamwatch alerts also show that exposed personal information feeds directly into follow-on scams — impersonation calls, recovery scams, fake “fraud team” SMS — that target the same family for months after the original breach.

What Identity Theft Response does

Cyber by Exegesis runs a fixed-scope engagement structured around the response sequence Australian agencies actually expect:

• An IDCARE case-initiation walkthrough so the family has one referenced case number and a tailored response plan, rather than five separate phone calls.
• Credit-file ban applications across the three credit bureaus operating in Australia, with the renewal dates diarised so the bans do not lapse silently.
• ATO notification for any household member whose TFN or identity documents are exposed, including the Client Identification Support flag where applicable.
• Bank and superannuation fraud-team notifications, sequenced so the higher-balance accounts are protected first.
• An account-recovery sequence for the family email, password manager, and any shared cloud accounts where credential rotation has to happen in a specific order to avoid lockout.
• Ongoing monitoring setup — breach-notification alerts, bank transaction alerts, and a 90-day check-in.

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same group behind the DRMO live product. Our scope here is incident-response coordination for a family, not legal advice and not credit repair. We sequence the right calls to the right agencies, and we make sure nothing falls through the gaps between them.

How it works

1. We confirm scope on a short call — which family members are affected, which documents and accounts are exposed, and what notifications you have already received from the breached entity.
2. We work through the IDCARE engagement with you, so you have a referenced case and a tailored plan before anything else is touched.
3. We sit with you (remotely or in person in Perth) to apply credit bans, notify the ATO, and contact bank and super fraud teams in the correct order.
4. We run the account-recovery sequence across the family’s shared and individual accounts, rotating credentials and enabling phishing-resistant MFA where supported.
5. We hand over a written plan with renewal dates, monitoring setup, and a 90-day review window — and a short briefing for the family on the follow-on scam patterns to expect.

Why this matters in Perth

Perth households are over-represented in cross-generational living arrangements — adult children supporting older parents’ accounts, grandparents helping with grandkids’ devices — and the time-zone gap with east-coast bank fraud teams means the response window is tighter than it looks. A Perth family that works through identity theft response in the right sequence, in the first 72 hours, closes off the highest-impact pathways (fraudulent credit applications, TFN misuse, super withdrawal attempts) before the exposed data is monetised. ACCC Scamwatch alerts also show that the follow-on impersonation scams hit harder where one household member is already rattled — which is exactly the point at which having a written plan matters most.

Sources

• OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
• ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
• ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
• eSafety Commissioner (for any child-safety dimensions of the exposure): https://www.esafety.gov.au/
• Cyber by Exegesis — Identity Theft Response (waitlist)

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Identity Theft Response for Perth families

We are sequencing engagements by household composition and breach scope. Join the waitlist with a short note on how many family members are affected and which documents are exposed — we will tell you when we are ready to take a brief.