Introduction

Australia’s growing epidemic of identity crime has exposed a critical flaw in the nation’s cyber security response: the victims of data breaches are too often left to clean up the mess alone.

As cyberattacks rise and personal information circulates through criminal networks, calls are mounting for a co-ordinated, government-led framework to replace today’s fragmented, victim-driven recovery model.

At present, the responsibilities of organisations that suffer data breaches are minimal. Most are required only to notify affected individuals and regulators, leaving victims to navigate a confusing maze of credit bureaus, banks, government agencies, and online platforms.

For many, restoring financial security and digital identity can take months or even years with emotional and economic costs that far exceed the immediate loss.

This approach is unsustainable in an economy increasingly defined by digital trust. Legislative reform, they say, is essential to establish a fair and effective system that assigns responsibility where it belongs: to the organisations whose security failures enabled the crime.

Under a reformed framework, breached entities would be required to fund recovery services for affected individuals, either directly or through accredited providers such as IDCare, Australia and New Zealand’s national identity and cyber support service.

This could include practical assistance such as credit monitoring, legal and financial advocacy, and psychological counselling. By embedding these obligations in law, policymakers would ensure that the cost of recovery sits with the institutions that allowed the breach to occur, rather than the individuals who suffer its consequences.

Expanding Government Platforms for Protection

Beyond reforming liability, technology and public infrastructure also have a crucial role to play. Government-backed platforms such as MyGov and the Digital Verification Service (DVS) could be expanded to limit the need for organisations to collect and store sensitive identity data in the first place.

Reducing the widespread duplication of passports, driver’s licences and other credentials would significantly decrease exposure risk across both public and private sectors.

One proposal gaining traction is the introduction of an “identity lockdown” feature within MyGov. This would be similar to a credit freeze that would allow individuals to restrict the use of compromised credentials across institutions.

In parallel, a breach-victim identification feature could help individuals verify their compromised status when dealing with banks, lenders, or service providers. This would prevent victims from being penalised through damaged credit scores for frauds committed in their name.

Building a Centralised Recovery Hub

A modern, accessible, and efficient support system must also be at the heart of the new framework. One idea is the creation of a centralised national portal: a one-stop digital hub where victims can report identity crimes, access tailored resources, and receive step-by-step guidance on recovery.

Such a hub could co-ordinate across multiple agencies and industries, connecting victims directly with the right support services and offering proactive alerts when their data is detected in misuse attempts.

Government-backed rapid response teams could work with banks, telcos, and technology providers to secure accounts, freeze credit, and restore compromised identities swiftly.

Public awareness campaigns will also be essential. Greater understanding of identity crime risks, combined with early detection efforts by banks, telecommunications providers, and major online platforms, can reduce both the incidence and impact of fraud.

Industry partnerships that share intelligence and standardise victim support processes will be key to building a truly national safety net.

Recognising the Emotional Toll

While the financial ramifications of identity crime are significant, the emotional burden is often just as heavy. Victims describe feelings of violation, anxiety, and helplessness that can persist long after accounts are restored.

Fraudulent activity can derail major life milestones, such as applying for a mortgage, renting a property, or even booking travel as victims struggle to prove their legitimacy.

Recognising this human dimension underscores the need for holistic recovery services that address both financial and psychological harm. Access to counselling, mental-health support, and transparent communication can make the difference between a functional recovery and lasting distress.

A Collective Responsibility

As Australia’s digital economy deepens its reliance on data, the stakes are rising for both consumers and organisations. Identity crime can no longer be treated as an unfortunate by-product of cyber incidents; it is a systemic risk demanding systemic solutions.

By combining legislative reform, practical technological safeguards, and co-ordinated industry collaboration, policymakers can build a recovery ecosystem that is timely, humane, and sustainable.

The outcome would not only protect victims but also strengthen national confidence in the digital systems underpinning modern commerce and governance.

Ultimately, the message is clear: the cost of identity crime should be borne by those who failed to protect the data rather than by those whose lives are upended when it is stolen.