We recommend you remain vigilant against the risk of phishing emails and scams, which are often the most likely risk associated with any unauthorised access to personal information.

Scam calls and phishing emails are becoming increasingly sophisticated and can appear to come from legitimate phone numbers with local area codes. They will often claim to be calling from a reputable organisation, such as a government entity, bank, or telecommunications agency. They will also create a sense of urgency to try to get you to disclose sensitive information or to elicit funds from you.

Q: What precautionary steps can I take?

A: There are some steps you can take to help protect yourself against these scams. We recommend you take the following steps:

Contact information (name, address, email address, phone number and / or date of birth)

Where a third party may have accessed your contact information, it is important to:

• be aware of email, telephone and text-based scams. Do not share your personal information with anyone unless you are confident about who you are sharing it with;

• when on a webpage asking for your login credentials, take note of the web address or URL ('Uniform Resource Locator'). The URL is located in the address bar of your web browser and typically starts with https://;

• if you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Please note that we will never contact you to ask for your username or password;

• enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts;

• ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts;

• check the strength of your passwords and whether they have been involved in any data breaches on the NSW Government password checker website: https://www.nsw.gov.au/id-support-nsw/passwords; and

• follow the Australian Competition and Consumer Commission's Scamwatch guidance for protecting yourself from scams here: https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams/.

For more information, you can visit the OAIC’s tips for further guidance about protecting your identity: https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/.

Driver licence number only

Your driver licence number only (as opposed to the card number or a photocopy of your licence) was included in the affected dataset. Any unauthorised access to your driver licence number does not affect its validity and you are still able to use it for its intended purpose, and as a valid form of proof of identity.

The risk of misuse of a driver licence number alone is low and there is no need to replace your licence.

We do recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. Information about obtaining a credit report or credit ban is provided below.

Proof of Age Card number

Your Proof of Age Card was included in the affected dataset.

Any unauthorised access to a copy of your Proof of Age Card does not affect its validity and it can still be used for its intended purpose, and as a valid form of proof of identity.

However, this ID provides credentials that can be used to take out a line of credit, or otherwise conduct fraudulent transactions, when combined with other forms of ID. As a rule of thumb, the more points of ID available, the easier it is to construct a fake profile for fraudulent purposes.

Where a Proof of Age Card has been accessed by an unauthorised third party, you may want to consider replacing your Proof of Age Card by contacting your issuing authority or applying for a new Proof of Age Card online through your account.

Employment details

Employment information which could include your monthly or year to date income and your employer was included in the affected dataset.

We understand that cyber actors usually seek to misuse information that can be manipulated for financial gain. For this reason, it’s unlikely this information will be useful to a cyber actor.

In saying this, we appreciate and understand that it is concerning to have this information disclosed in this manner. If you would like more information about what information of yours that was impacted, please contact us https://www.youxpowered.com.au/cyber-incident

Financial information

Some financial information including asset and liabilities and credit scores was included in the affected dataset.

If you are concerned, please contact us at https://www.youxpowered.com.au/cyber-incident

We also recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. Information about obtaining a credit report or credit ban is provided below.

Other sensitive personal information (e.g. residency status)

If you have any concerns or would like more information about the other sensitive information that was impacted, please contact https://www.youxpowered.com.au/cyber-incident

Q: How do I access complimentary credit monitoring for 12 months?

A: youX is offering complimentary credit monitoring service with Equifax. If you would like to receive further information about this service, please write to us

privacy@youxpowered.com.au.

Q: Who can I contact for more information about cyber security and protecting my online identity?

A: Additional general resources on identity and cyber security support can be found here:

• https://www.oaic.gov.au/privacy/data-breaches/data-breach-support-and-resources/

• https://www.idcare.org/

• https://www.cyber.gov.au/protect-yourself

• https://www.cyber.gov.au/report-and-recover/have-you-been-hacked

If you have any other questions, please contact the support team via our dedicated website https://www.youxpowered.com.au/cyber-incident or privacy@youxpowered.com.au

Q: I have more questions – who can I talk to?

A: You can contact our Privacy Team on 1300 301 720 or via email privacy@youxpowered.com.au.