Cyber Response
We wanted to provide an update on a recent cyber incident involving unauthorised access to our IT environment by an unknown third party and the subsequent disclosure of some information online. Our investigations have identified impacted information that may belong to you.
Our priority is to best protect our clients, staff and all others who have entrusted us with their data as well as provide guidance and support on how best remediate any immediate risk of misuse.
We therefore wanted to provide this update and share steps that can be taken as a precaution to strengthen your data security.
We provide a summary below of what we know, the steps we have taken to respond and how we will keep you informed as more detail becomes available.
We apologise for any concern that this news may cause, but we believed it was our duty to make you aware and provide guidance around safeguarding measures as soon as possible.
What happened?
In May 2025 we became aware of unusual activity within our IT system which we have since confirmed was the result of unauthorised access by an unknown third party. This third party has disclosed some data online it claims was taken from our IT environment.
As soon as we became aware of the incident, we began work to ensure the security of our systems and launched an investigation to determine what happened.
This investigation is now complete, and we have since taken additional steps to further secure our systems and to implement additional security measures to prevent recurrence.
What data is involved?
Based on the type of information we hold we believe that any impacted data may include:
- Contact information;
- Tax File Numbers (TFNs);
- Full Australian passport information;
- Full Australian Drivers Licence information;
- Bank Account Details (BSB and Account Number); and
- Sensitive legal documents
Please do note that the impact on your data, if any, will depend on what information you have previously shared with us.
If you have not provided the above information to Ruddy, Tomlins & Baxter, there is no action you need to take.
What should I do if I think my data has been affected?
Below, we outline several precautionary steps we recommend you consider taking to protect yourself at this time:
Contact information (name, address, email address and/or phone number)
Some contact information may have been included in the impacted dataset. Where a third party has accessed contact information, it is important to be aware of email, telephone and text-based scams. We provide further guidance below:
- do not share your personal information with anyone unless you are confident about who you are sharing it with;
- when on a webpage asking for your login credentials, take note of the web address or URL (‘Uniform Resource Locator’). The URL is located in the address bar of your web browser and typically starts with https://;
- if you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Please note that we will never contact you to ask for your username or password;
- enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts;
- ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts;
- check the strength of your passwords and whether they have been involved in any data breaches on the NSW Government password checker website: https://www.nsw.gov.au/id-support-nsw/passwords; and
- follow the Australian Competition and Consumer Commission’s Scamwatch guidance for protecting yourself from scams here: https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams/.
- for more information, you can visit the OAIC’s tips for further guidance about protecting your identity: https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/.
Tax File Number (TFN)
Some Tax File Numbers (TFN) may have been included in the impacted dataset.
The Australian Tax Office (ATO) is able to set up monitoring and apply protective measures for your Tax File Number (TFN) to prevent future misuse, where your TFN as set out on a Notice of Assessment (NOA), payslip or other document has been impacted.
If you wish to contact the ATO to set up monitoring and apply protective measures, you can contact them on 1800 467 033 (available 8:00 am to 6:00 pm AEST, Monday to Friday). More information is available on the ATO website: https://www.ato.gov.au/online-services/scams-cyber-safety-and-identity-protection/help-with-data-breaches/data-breach-guidance-for-individuals
Full Australian Passport information (current or expired)
Some passport information may have been included in the impacted data.
Any unauthorised access to your passport does not affect the document’s validity and you are still able to use it for travel and as a valid form of proof of identity.
However, a copy of your passport may provide credentials that can be used to conduct fraudulent transactions when combined with other forms of identification. As a rule of thumb, the more ID documents available, the easier it is to construct a fake profile for fraudulent purposes.
Where a passport may have been accessed by an unauthorised third party, you may wish to consider replacing your passport by contacting the issuing authority. Before replacing your passport, we recommend that you refer to the data-breach frequently asked questions (FAQs) on the Australian Passport Office website https://www.passports.gov.au/data-breaches.
Also please carefully consider the impact of replacing your passport if you are thinking of doing so. Replacing a passport may prevent you from using it as a valid form of ID, obtaining credit for legitimate purposes or affect your travel plans in the short term while a new passport is being issued. Please consider this advice and your own circumstances before deciding to replace your passport.
If your passport has expired more than three years ago, or has been replaced since it was provided to Ruddy. Tomlins & Baxter, you do not need to replace your passport again.
We also recommend that you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. Information about obtaining a credit report or credit ban is provided below.
Full Australian Drivers Licence information (current or expired)
Some driver’s licences may have been contained in the impacted data.
Any unauthorised access to a driver licence does not affect its validity and it can still be used it for its intended purpose, and as a valid form of proof of identity.
Where a driver licence has been accessed by an unauthorised third party, you may wish to consider replacing it through contacting the issuing authority. While the driver licence number will remain the same, receiving a new card number will provide a new card number and expiry date to prevent it from being misused.
Individuals may wish to carefully consider the impact of replacing a licence as this may prevent you from using it as a form of ID, such as obtaining credit for legitimate purposes. Please consider this advice and your own circumstances before deciding to replace your ID.
If your licence expired more than two years ago or has been replaced since it was provided, you do not need to replace your licence.
Bank account details (account name, account number, BSB number)
Some bank account details may have been contained within the impacted data.
A BSB and account number does not present a direct misuse risk as they do not allow unauthorised access to your bank account. However, the BSB does identify who the financial institution is, which may make impersonation scam attempts appear more legitimate.
Should you have any concerns, you can do the following:
- review your transaction history and bank account statements for any suspicious activity;
- contact your bank to report this event and flag any suspicious activity identified;
- where available use two-step authentication – such as SMS codes to your mobile phone;
- check your credit report yearly (this alerts you to any attempts to open a credit account in your name). Information about obtaining a credit report is provided below; and
- never respond to, open or click on links in emails purporting to be from your bank (it is always safer to call).
Sensitive legal documents
Some legal information of a sensitive and/or personal nature may have been contained within the impacted data.
We understand that cyber actors usually seek to misuse information that can be manipulated for financial gain. For this reason, it’s unlikely this information will be useful to a cyber actor.
In saying this, we appreciate and understand that it is concerning to have this information disclosed in this manner. If you would like more information about what information of yours that was impacted, please contact us.
Have you notified regulatory bodies?
We have notified the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner OAIC and continue to liaise with them as part of our response.
Who can I contact for more information?
The Ruddy, Tomlins & Baxter team is prepared to respond to any questions or concerns you may have – you can contact us on rtbayr@rtblegal.com.au.
Thank you for your patience and understanding as we complete our investigation and respond accordingly.