Third-party data breaches and myGov

When third-party data breaches happen, they can put your myGov account security and personal information at risk.

The risk is highest if you use the same sign in details for myGov that you use with the organisation that has been breached. Criminals can try to use those stolen details on other accounts, including myGov.

You can reduce this risk by using multifactor authentication, like Digital ID or a passkey.

You should never use the same sign in details with myGov that you use with other online platforms.

What to do if your myGov sign in details were involved in a breach

You should take the following steps if you know or suspect your sign in details have been breached.

Change your sign in option to Digital ID or a passkey. If you do this, you should also turn off your password. Turning off your password stops criminals from using a stolen username and password to try to access your account.

Change your password. Make it strong and different from your other online accounts.

If you don’t want to set up a Digital ID or passkey, you should turn off your email address or mobile number as your username. You’ll then need to sign in with your myGov username. You can find your username in your Sign in settings.

If you can’t sign in to your account using your sign in details, find out what to do if there’s been unauthorised access to your myGov account.

Complete tasks shown in the Security review section when signed in to your myGov account.

If you continue signing in with your myGov sign in details, make sure you set up a multifactor authentication option. These options are codes sent by SMS or from an authenticator.

More information

This link will take you away from myGov.