And then it started with the welcoming words “Hello Kathryn”.

This is how an email I received last week began advising that the Copyright Agency – the not-for-profit most journalists are members of as it provides licensing solutions to copyright-protected words and images – had experienced a “cyber incident”.

Details around the incident were minimal as they were at “the earliest stages of investigating”.

But a year of working at IDCARE – which has assisted hundreds of organisations who have experienced a “cyber incident” with harm assessments and response plans – has raised my alarm bells.

I have begun a checklist in my brain ahead of any formal notification as to what may have been exposed.

The Copyright Agency has my full name, address, bank account details – was there a copy of my driver‘s licence on record somewhere?

The mere fact the Agency was concerned enough to notify – and has already notified the Office of the Australian Information Commissioner and is working with law enforcement – indicates they must be concerned.

However, this doesn’t mean I need to be changing my driver‘s licence or freaking out, yet. I don’t even know what the “cyber incident” was. It could have been a breach, a DDOS attack, a ransomware attack or maybe their computer systems are down due to something completely innocent – who knows.

Cyber incidents have become a daily occurrence in Australia. More than 24 million data breach notifications alone have been sent from Australian breached organisation in the last 24 months.

It has been more than a week since I received the email from the Copyright Agency. The contents of the email are also on their website and the information hasn’t been updated.

In this time, scammers could easily use the knowledge there has been a cyber incident to contact me and lure me into trusting them by providing information on an incident that is publicly available. At IDCARE, we regularly see this happen.

Managing a “cyber incident” properly is the key to preventing further harm. It is why we spend so much time working on Harm Assessments and Response Plans.

Until I know more, I’m going to be extra careful about any email, text or phone call that I receive.

Kathy Sundstrom is a former Sunshine Coast Daily journalist who now works at identity and cyber support service IDCARE.

More Coverage

A broken car, a farmer and a $70k business email scam

Kathy Sundstrom

‘Everyone’s a sitting duck’: Cyber crime explosion boosts $20m security firm

Glen Norris

Originally published as Copyright Agency cyber incident puts users on alert