Country, Culture, People, Future

Cybersecurity FAQs

Frequently Asked Questions about the cyberattack on YMAC and how to protect your personal information

Cybersecurity FAQs

On 5 December 2022, YMAC commenced contacting individuals potentially affected by the cyberattack by letter, email and phone call. The communications contained information about the cyberattack, provided clear information about what category of personal information had been exposed and actionable advice to those affected.

YMAC has not been able to make contact with some individuals who have provided only their BSB/account details to YMAC for payment purposes. If you have any concerns about your bank account details please contact YMAC by calling 1800 270 709 or you can email us at cybersecurity@ymac.org.au

On 5 December 2022, YMAC commenced contacting individuals potentially affected by the cyberattack. If you did not receive a letter, email or phone call and are concerned that you may have been impacted by the cyberattack please contact IDCARE by filling out the ‘Get Help Now Form’ (for Individuals) at idcare.org or call them on 1800 595 160. You can also email YMAC at cybersecurity@ymac.org.au

YMAC has not been able to make contact with some individuals who have provided only their BSB/account details to YMAC for payment purposes. If you have any concerns about your bank account details please contact YMAC by calling 1800 270 709 or you can email us at cybersecurity@ymac.org.au

YMAC has partnered with IDCARE, Australia’s national identity and cyber support service, to provide specialist case management support to those affected. This service is provided at no cost to affected individuals. YMAC has also pledged support to assist those individuals who may need to replace any identity documents compromised by this cyberattack.

As at 5 December 2022, YMAC has not received any threat or ransom from any third party to misuse any personal information. YMAC has not received any evidence of any personal information being misused.

As at 5 December 2022, YMAC has not received any threat or ransom from any third party to misuse any personal information. YMAC has not received any evidence of any personal information being misused.

While extremely disappointing, this attack was a malicious criminal attack, not a system fault nor the result of human error. In an ever-increasing global environment of cyber-crime, YMAC's cybersecurity capabilities have enabled the organisation to block over 1.58 million attacks between July and September 2022 alone.

Immediate action was taken to contain the cyberattack and YMAC has further secured its information technology environment and strengthened systems across the organisation. The cyberattack has been reported to the Australian Cyber Security Centre, the Australian Federal Police and the Office of the Australian Information Commissioner. YMAC continues to work with forensic and cybersecurity specialists to investigate the attack.

YMAC takes privacy and data protection very seriously and remains committed to the continuous improvement of its practices, systems and security.

YMAC has reported the matter to the Australian Cyber Security Centre, the Australian Federal Police and the Office of the Australian Information Commissioner. YMAC continues to work with forensic and cybersecurity specialists to investigate the attack.

While extremely disappointing, this attack was a malicious criminal attack, not a system fault nor the result of human error. In an ever-increasing global environment of cyber-crime, YMAC's cybersecurity capabilities have enabled the organisation to block over 1.58 million attacks between July and September 2022 alone.

Immediate action was taken to contain the cyberattack and YMAC has further secured its information technology environment and strengthened systems across the organisation. The cyberattack has been reported to the Australian Cyber Security Centre, the Australian Federal Police and the Office of the Australian Information Commissioner. YMAC continues to work with forensic and cybersecurity specialists to investigate the attack.

YMAC takes privacy and data protection very seriously and remains committed to the continuous improvement of its practices, systems and security.

Contact IDCARE immediately by filling out the ‘Get Help Now Form’ (for Individuals) at idcare.org or call them on 1800 595 160 quoting the special referral code in your letter, email or phone call from YMAC.

For more information on how to get help and how to protect yourself go to our Cyber Safety Tips page.

For more information, including how to protect and prevent misuse of your personal information, go to our Cyber Safety Tips page.

You can find your unique referral code for IDCARE in the letter, email or phone call you received from YMAC. If you can't find the code please email cybersecurity@ymac.org.au or call 1800 270 709. You can still contact IDCARE for assistance if you don't have the code, it just makes it easier for them to assist you if you have it.

YMAC has partnered with IDCARE, Australia’s national identity and cyber support service for the community. IDCARE has Case Managers who can work with you anonymously in developing specific response plans to address risks relating to this cyberattack on YMAC. These Case Managers work with tens of thousands of Australians each year who confront personal information and privacy risks. IDCARE’s services are provided at no cost to you.

Contact IDCARE by filling out the ‘Get Help Now Form’ (for Individuals) at www.idcare.org or call them on 1800 595 160 quoting the special referral code in your letter, email or phone call from YMAC.

In an ever-increasing global environment of cyber-crime, YMAC's cybersecurity capabilities have enabled the organisation to block over 1.58 million attacks between July and September 2022 alone.

Immediate action was taken to contain the cyberattack and YMAC has further secured its information technology environment and strengthened systems across the organisation. The cyberattack has been reported to the Australian Cyber Security Centre, the Australian Federal Police and the Office of the Australian Information Commissioner. YMAC continues to work with forensic and cybersecurity specialists to investigate the attack.

YMAC takes privacy and data protection very seriously and remains committed to the continuous improvement of its practices, systems and security.

YMAC has partnered with IDCARE, Australia’s national identity and cyber support service for the community. IDCARE has Case Managers who can work with you anonymously in developing specific response plans to address risks relating to this cyberattack on YMAC. These Case Managers work with tens of thousands of Australians each year who confront personal information and privacy risks. IDCARE’s services are provided at no cost to you.

Contact IDCARE by filling out the ‘Get Help Now Form’ (for Individuals) at idcare.org or call them on 1800 595 160 quoting the special referral code in your letter, email or phone call from YMAC.

For a list of reputable resources and more information about keeping your personal information safe and how to recognise a scam click here

YMAC has pledged support to assist those individuals who may need to replace any identity documents compromised by this cyberattack. YMAC has also partnered with IDCARE, Australia’s national identity and cyber support service, to provide specialist case management support to those affected.

YMAC has pledged support to assist those individuals who may need to replace any identity documents compromised by this cyberattack. YMAC has also partnered with IDCARE, Australia’s national identity and cyber support service, to provide specialist case management support to those affected.

The most common signs of identity misuse include:
• You notice transactions, either withdrawals or payments, from your bank accounts and cards you did not initiate.
• You receive an unsolicited email, phone call or SMS-text message by people who claim to know you, or are impersonating government or business, and ask you to provide further information, including payment details, credential information or other identity details.
• You receive a bill in the mail for a service you did not request.
• You are locked out of your email account, social media, online banking, or permanently lose your mobile phone signal.
• Your friends, relatives or work colleagues are enquiring about an email or social media post you apparently sent that you had nothing to do with.

For more information, including how to prevent misuse of your information, go to our Cyber Safety Tips page on our website or one of the reputable information sources listed on the Cyber Resources page.

On IDCARE’s Learning Centre you will find a useful Fact Sheet – Credit Reports Australia. This fact sheet contains information about credit reports including easy steps to apply for your credit report.

Check your Credit Reports for any unexplained credit checks by organisations. Every Australian can get free access to their credit reports. You may have three different credit reports - one from each of Australia’s three separate credit reporting bureaus.

If you find entries on your credit report that cannot be explained or are incorrect, such as a different address, please contact IDCARE immediately by submitting a support request form via idcare.org quoting your YMAC referral code.