
What is a data breach and what do I do if I have one?

Straight answer

A data breach is when information you hold is accessed, taken or exposed without authorisation. If you have one, act in order: contain it, work out what was affected, fix the hole, then meet your obligations to notify affected people and, in serious cases, the regulator. Move fast but methodically. This is general information, not legal advice.

Information current as at 5 July 2026

A data breach is a stressful thing to face, and stress makes people do the wrong things: panic, hide it, or thrash about deleting evidence. The antidote is a plan made in advance, so that if it happens you follow steps rather than instinct. This article explains what a breach is and the calm order to respond in. It is general information, not legal advice.

Plain English
Data breach
Unauthorised access to, or loss or exposure of, information you hold.
Contain
The first response: stopping the breach from continuing or getting worse.
Notifiable breach
A serious breach that carries an obligation to inform people and the regulator.
Incident log
A written record of what happened and what you did, kept as you respond.

Step by step

  1. Contain it before anything else
     The first job is to stop the bleeding, not to understand it fully. If a key is exposed, rotate it now so it stops working. If an account is compromised, lock it and reset its credentials. If an open database is being read, close the access. If a specific feature is leaking, take it offline. Containment comes first because every minute a live breach continues, more damage accrues. Do not wait until you understand the whole picture; stop the ongoing exposure, then investigate. Start an incident log at this moment and write down what you find and do, with times.
  2. Work out what was actually affected
     Once the immediate exposure is stopped, establish the scope calmly. What data was involved, whose data, how much, and how sensitive? Names and emails are one thing; passwords or payment details are far more serious. How did it happen, and is it definitely closed now? Resist both denial and catastrophising; you want an accurate picture, because your obligations and your notifications depend on it. Preserve evidence rather than deleting things in a panic, since you may need to understand exactly what occurred. This assessment is what turns a vague emergency into a defined situation you can act on.
  3. Fix the underlying hole properly
     Containment stopped the immediate leak; now close the actual weakness so it cannot recur. If a key was exposed, ensure all keys are rotated and moved server-side. If the database was open, turn on and test access rules. If a login was bypassable, fix the enforcement. A breach almost always reveals a systemic gap, not a one-off, so ask what else shares the same weakness and fix that too. This is also the honest moment to get help if the cause is beyond you, because a breach patched superficially tends to reopen.
  4. Meet your notification obligations
     In Australia, a serious data breach that is likely to cause harm can carry an obligation to notify the affected individuals and the regulator, under the notifiable data breach part of the framework. Assess whether your breach reaches that threshold, and when in doubt about a serious breach, err toward transparency and proper advice rather than silence. Notifying people promptly and honestly, telling them what happened and what to do, such as changing a reused password, is both an obligation in serious cases and the right thing. This is general information, not legal advice, so get proper guidance for a real breach.
  5. Learn from it and harden against a repeat
     Once the immediate response is done, close the loop. Review your incident log and ask what allowed the breach and what would have caught it sooner: better access rules, hidden keys, monitoring, backups. Put those improvements in place so the same thing cannot happen again. A breach handled well, contained, fixed, disclosed honestly, and learned from, is recoverable and even trust-building. A breach hidden or botched is far more damaging than the breach itself. Turn the worst day into the reason your app is genuinely safer afterwards.
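The five steps above are easier to follow under stress when the incident log, the scope assessment and the notification decision live in one place. The following is an added example, not code from the original article or from the team behind it: a small Python model of that workflow, where each containment action, each exposed data field and each fix is recorded with a timestamp, and the assessment flags when the exposure is serious enough to warrant a formal look at notification duties. The sensitivity tiers, the record threshold and the `demo()` scenario (an API key committed to a public repository) are constructed assumptions for illustration, not a legal test.

```python
"""Incident log and scope assessment for a small breach response (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed sensitivity tiers (assumption, for illustration only):
# 1 = contact details, 2 = other personal details, 3 = credentials or payment data.
SENSITIVITY: Dict[str, int] = {
    "name": 1, "email": 1,
    "phone": 2, "postal_address": 2, "date_of_birth": 2,
    "password_hash": 3, "payment_card": 3, "government_id": 3,
}

# Containment action for each kind of exposure, as listed in step 1.
CONTAINMENT_ACTION: Dict[str, str] = {
    "exposed_key": "rotate the key so the leaked value stops working",
    "compromised_account": "lock the account and reset its credentials",
    "open_database": "close external access to the database",
    "leaking_feature": "take the feature offline",
}


@dataclass
class LogEntry:
    when: datetime
    phase: str   # contain, assess, fix, notify or learn
    note: str


@dataclass
class Incident:
    title: str
    entries: List[LogEntry] = field(default_factory=list)
    exposed: Dict[str, int] = field(default_factory=dict)  # data field -> record count

    def log(self, phase: str, note: str, when: Optional[datetime] = None) -> LogEntry:
        """Append a timestamped entry; the time is taken now unless supplied."""
        entry = LogEntry(when or datetime.now(timezone.utc), phase, note)
        self.entries.append(entry)
        return entry

    def contain(self, exposure_kind: str, detail: str, when: Optional[datetime] = None) -> str:
        """Look up and log the containment action; an unknown kind raises KeyError on purpose."""
        action = CONTAINMENT_ACTION[exposure_kind]
        self.log("contain", f"{detail}: {action}", when)
        return action

    def record_exposure(self, field_name: str, records: int, when: Optional[datetime] = None) -> None:
        """Record how many records carried a given data field; unclassified fields are refused."""
        if field_name not in SENSITIVITY:
            raise ValueError(f"unknown data field {field_name!r}; classify it before logging")
        self.exposed[field_name] = self.exposed.get(field_name, 0) + records
        self.log("assess", f"{records} records with {field_name} exposed", when)

    def max_sensitivity(self) -> int:
        return max((SENSITIVITY[f] for f in self.exposed), default=0)

    def records_affected(self) -> int:
        # Fields usually belong to the same people, so the largest count is a lower bound.
        return max(self.exposed.values(), default=0)

    def assessment(self) -> Dict[str, object]:
        """Decide whether the scope warrants a formal notification assessment.

        Assumption: credentials or payment data always do; tier-2 data does above a
        constructed threshold of 100 records. A real decision needs proper advice.
        """
        tier = self.max_sensitivity()
        formal = tier >= 3 or (tier == 2 and self.records_affected() >= 100)
        return {
            "highest_sensitivity": tier,
            "records_affected_at_least": self.records_affected(),
            "formal_assessment_needed": formal,
            "next_step": ("assess notification obligations with proper advice"
                          if formal else "record the decision and rationale in the log"),
        }

    def timeline(self) -> List[str]:
        """Chronological, human-readable log for the post-incident review (step 5)."""
        return [f"{e.when.isoformat()} [{e.phase}] {e.note}"
                for e in sorted(self.entries, key=lambda e: e.when)]


def demo() -> Incident:
    """Constructed scenario: a storage API key was committed to a public repository."""
    t0 = datetime(2026, 7, 5, 9, 0, tzinfo=timezone.utc)
    inc = Incident("Constructed example: API key committed to a public repo")
    inc.contain("exposed_key", "storage API key found in public repo", t0)
    inc.record_exposure("email", 1200, t0.replace(minute=40))
    inc.record_exposure("password_hash", 1200, t0.replace(minute=45))
    inc.log("fix", "all keys rotated and moved server-side", t0.replace(hour=11))
    next_step = str(inc.assessment()["next_step"])
    inc.log("notify", f"formal assessment started: {next_step}", t0.replace(hour=11, minute=30))
    return inc


if __name__ == "__main__":
    incident = demo()
    print(*incident.timeline(), sep="\n")
    print(incident.assessment())
```

Because `record_exposure` refuses a field that has not been classified, the scope assessment cannot quietly skip a data type nobody thought about, which is the failure mode step 2 warns against; the timeline is what you review in step 5.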
No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

Common questions

Questions, answered

What exactly counts as a data breach?
Unauthorised access to, or loss or exposure of, information you hold. That includes someone reading data they should not, a device or database being exposed, or records being taken. It does not require a dramatic hack; an open database found by a stranger or a key that leaked data both count. If data left your control without permission, treat it as a breach.
Do I have to tell anyone if I have a breach?
In Australia, a serious breach likely to cause harm can carry an obligation to notify affected people and the regulator under the notifiable data breach framework. Whether yours reaches that threshold depends on the specifics. When in doubt about a serious breach, favour transparency and proper advice. This is general information, not legal advice.
Should I not just quietly fix it and move on?
No. Hiding a serious breach can breach your obligations and, if it emerges later, does far more damage to trust than honest disclosure would have. For a serious breach, contain and fix it, then meet your notification duties. People whose data was exposed deserve the chance to protect themselves, such as changing a reused password.
What is the very first thing to do?
Contain it: stop the ongoing exposure before trying to understand everything. Rotate an exposed key, lock a compromised account, close an open database, or take a leaking feature offline. Every minute a live breach continues adds damage. Start writing an incident log as you go, then move to assessing scope once the bleeding has stopped.

Start here

Two doors. Same senior team.

Whether you can name exactly what you want built, or you just know something is leaking, the next step is the same conversation.