Article written by Rebecca Di Noia, Business Connect Advisor, Western Sydney Business Centre.

Around 6 years ago, I became a victim of Identity fraud.  

It was around July 2016 when I received a bank statement from my bank, except I did not recognise the account number.

Curiously, I went to the local branch and discovered that there was a separate file set up under a fraudulent address and contact details under my name.  

I was told that there was an issue with my account 5-6 months prior but “we have sorted it out”. When I asked what the issue was, the branch staff refused to tell me but reassured me that everything is ok.  

So, I went online and applied for my credit report, only to discover that 5 unauthorised credit inquiries had occurred as well as someone using my ID to rent a place and get a job somewhere else.  

Once I had the credit report, I went down to my local police station and requested an Event number. I also contacted the Australian Cyber Crime Unit (ACSC).

During my search, I came across a service called IDCare. IDCare is the Australian and New Zealand national identity and cyber support service and is also free.  


I was told to place a “ban” on my credit file with the credit agency. The standard first-time ban is 21 days, then, if necessary, you can request to extend it up to 3 months. This means that no one, including yourself, can apply for credit or open accounts during the ban, giving you time to investigate and prevent the fraudster from using your personal information during that time.  

You can apply for a free report from any credit agency. There are 3 credit agencies in Australia

You can apply for a free report from any credit agency. There are 3 credit agencies in Australia – Equifax, Illion and Experian.

Repairing your credit rating is not as simple as telling the service providers that this is not your debt. I found myself being transferred to every department under the sun and repeating my story over and over just to get nowhere.

I soon discovered that most large companies have a Fraud Prevention department; I quickly learnt in requesting to speak with staff from that department so I could find out what documents were needed to correct my credit rating.  

I did not lose any of my IDs or documents and was told by the police that my ID was most likely stolen online. As the result, I had to contact every provider, private or public, state or Federal, to update my security measures.

During the process of repairing my credit rating, I came across the “Commonwealth Victims’ Certificate.” A Commonwealth Victims’ Certificate is a document that you can present to an organisation, such as a government agency, a financial institution, or a credit agency to help support your claim that you have been the victim of a Commonwealth identity fraud. This may help you to rectify your business or personal affairs and you will need to apply to a magistrate in your State or Territory to receive it.

I could not be granted a Commonwealth Victims’ Certificate because the offences at the time were not Commonwealth offences (like tax/Centrelink fraud, or fake passports) so the judge instead granted me the Certificate under State law. Once the service providers are satisfied that those inquiries were unauthorised, I can request them to be removed from my credit file. Those unauthorised inquiries can and will affect your credit

rating, and only those service providers can request the removal of the inquiries, not the individual so the quicker the investigation, the quicker the repair process.  

In total, I spent at least 6 months sorting this out whilst developing my business and working. The pressure and frustration that it caused me were enormous. I share my story with clients when talking about privacy and cyber security, to encourage them in asking themselves – how much information are you collecting from your customers? Is it really necessary? And what would happen if that information was leaked/hacked? What effect it could cause on your customers?