Identity Theft Response for Australians: A Structured Recovery When Your Identity Has Been Compromised

You get a call from a bank you have never used about an account in your name. Or your tax agent rings because a return has already been lodged. Or a debt collector contacts you about a phone contract you never opened. The first hour is panic — which account, which number, who do I call, what do I freeze first, and is this still happening right now? Identity Theft Response from Cyber by Exegesis is the engagement designed to walk an Australian adult through that hour, that week, and the months of monitoring that follow.

The problem

Identity theft in Australia is rarely a single event. By the time you notice, an attacker may have already used your details to open a credit account, redirect mail, file a fraudulent tax return, port your mobile number, or take over an email address that other accounts rely on for recovery. ACCC Scamwatch consistently lists identity-related scams among the most damaging categories reported by Australians each year, and the National Anti-Scam Centre channels reports across banks, telcos, and regulators — but the coordination work still falls to the victim.

The ACSC’s consumer guidance is clear about what needs to happen: secure the accounts the attacker is using as a foothold, recover the identifiers (email, mobile, MyGov) that other recoveries depend on, and put credit and tax flags in place before more accounts are opened. The problem is sequencing. Doing the steps in the wrong order — for example, changing your email password before securing the mobile number used for SMS recovery — leaves the attacker a way back in. Most people have never done this before and are doing it under stress.

What Identity Theft Response does

Cyber by Exegesis runs a fixed-scope engagement specifically for an individual whose identity has been compromised:

• An initial triage call to map what the attacker has touched, what they may have touched, and what is still exposed.
• Credit-file protection through IDCARE, the national identity and cyber support service, including a ban or alert on your credit file with the major reporting bodies.
• ATO notification and a tax-account lock where appropriate, so a fraudulent return cannot be filed against your TFN.
• Bank and card fraud reporting sequenced across each institution, with a written record of case numbers.
• Account-recovery sequencing — email and mobile number first, then MyGov, then the downstream accounts that rely on them — so the attacker is locked out before you start changing other passwords.
• Monitoring setup for the following 12 months: credit alerts, dark-web exposure checks for your email, and a short written playbook for what to do if something new surfaces.

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. Our scope here is response and recovery for an individual. We are not your bank, not your lawyer, and not a debt-resolution service; we coordinate the steps and the paperwork, and we hand you a clean record of what was done.

How it works

1. We take a 30-minute triage call to capture what you have noticed, what you have already done, and which identifiers (email, mobile, MyGov, TFN, driver licence, Medicare) are in play.
2. We sequence the immediate lockdown — usually mobile number and primary email first — and stay on the line while you make the calls.
3. We lodge or coach you through the IDCARE engagement and the credit-file ban with the reporting bodies.
4. We work through the ATO notification, the bank and card fraud reports, and any OAIC-notifiable breach correspondence you have received from an organisation that lost your data.
5. We set up the 12-month monitoring, write up the case record (case numbers, dates, contacts, outstanding items), and check in at 30, 90, and 180 days.

Why this matters in Australia

Australian identity theft sits at the intersection of several systems — IDCARE, the ATO, the OAIC’s Notifiable Data Breaches scheme, ACCC Scamwatch and the National Anti-Scam Centre, and your bank’s own fraud team. Each one is reachable, but none of them coordinates the others on your behalf. An Australian adult dealing with identity theft for the first time is doing the coordination work themselves, usually while still going to work and looking after a household. A structured response engagement compresses that work into a sequenced plan with someone alongside you, and leaves you with a written record that matters if the matter ever goes to dispute.

Sources

• ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
• ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
• OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
• eSafety Commissioner (where identity theft overlaps with image-based abuse or online impersonation harm): https://www.esafety.gov.au/
• Cyber by Exegesis — Identity Theft Response (waitlist)

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Identity Theft Response for Australians

We are sequencing engagements by urgency and by the identifiers in play (active financial fraud first, dormant exposure second). Join the waitlist with a short note on what you have noticed — we will tell you when we are ready to take your case.