The information on this page will help you recognise, and protect yourself against scammers.
It explains some of the most common scams and data breaches and shows you what to do if you suspect you may have been scammed or your information stolen.
Participant stories and videos have also been included to help you understand how to keep your information safe.
You can also find out more about how to identify and report coronavirus (COVID-19) scams.
What is a scam?
A scam is an illegal trick, usually with the purpose of getting money from people. A scam is a type of fraud.
Fraud information pack
This information pack is for disability support providers, sector representatives and NDIS partners. It aims to:
- help you remain compliant in your dealings with the NDIS
- build your understanding of fraud, privacy and cyber security
- explain how to report suspicious or suspected non-compliant or cyber security activity
- help you better protect personal and private information
- learn more about cyber security and online threats.
Download the Fraud information pack (DOCX 234KB).
A data breach happens when personal information is accessed or disclosed without authorisation or is lost.
Most data breaches happen through a malicious or criminal attack, human error or a system fault.
How will I know about a data breach?
The Privacy Act 1988 (Cth) requires an organisation, to tell you if their systems have been breached and it is likely to cause you serious harm.
An organisation may tell you about a data breach in an email, text message or phone call. If the organisation is unable to notify everyone, they may put a notice on their website, through social media, news articles or advertisements.
The notification should include:
- the organisation’s name and contact details
- the kinds of personal information involved in the breach
- a description of the data breach
- recommendations for the steps you can take in response to the breach.
What do I do if I’ve been told of a data breach?
If you are a participant and your personal information has been breached, please call the NDIS fraud reporting and scams helpline on 1800 650 717 or email [email protected]. We can help you take steps to protect your NDIS records.
We can add some extra security to help protect your NDIS funding, supports and records. We can also give you some advice and next steps.
Just because your information has been breached, does not mean that it is being misused. Taking steps to protect your information helps prevent someone from using it.
IDCARE has general advice about data breaches, scams and identity fraud.
Find more information at the Office of the Australian Information Commissioner website.
Providers may have legal obligations in relation to data breaches, and should consult the Office of the Australian Information Commissioner for guidance.
If you have experienced a data breach, we strongly encourage you to tell us about it so that we can help to minimise the impact on our participants.
Contact the NDIS fraud reporting and scams helpline on 1800 650 717 or [email protected].
What to do next
The NDIA has zero tolerance for fraud. Participants, their families and carers should feel confident the Agency is preventing, detecting, and responding to fraud, including scams.
We want to know if you feel someone has taken advantage of you, your plan budget or used your information in a way you have not given them permission to.
The NDIS has teams who can provide support and assistance to you if you have been scammed, or if you are concerned that your personal information has been stolen.
Contact the NDIS fraud reporting and scams helpline on 1800 650 717 or email [email protected] if you have witnessed, or suspect fraudulent behaviour.
Keep an eye on the Scamwatch page for up-to-date information about new scams.
If you need information in different languages, visit the Services Australia webpage on scams and identity theft .