breakthru logo

Cyber incident notice

We recently experienced a data breach when one employee’s Microsoft account and linked documents were accessed by an unauthorised third party as the result of a phishing incident.

To all of our people and valued customers, we assure you that we are taking this matter very seriously and we apologise for any inconvenience or distress that this incident may have caused.

Upon discovering the incident we immediately took steps to secure our system and contain its impact. We then commenced an investigation and engaged specialist cyber security experts to understand what happened and strengthen our systems.

During the incident, an unauthorised third party accessed personal identity information, personal identity documents and confidential information about some past and present Breakthru employees, job applicants and customers. It is possible that a copy of this personal information was taken by the unauthorised third party.

There is no current evidence of misuse of any individual’s personal information.

We have already informed the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) of the incident. We will continue to keep them informed as we continue our investigation.

Please know that we remain committed to protecting the personal information of all individuals. We thank everyone for your understanding and ongoing support, so that we can continue our important work in supporting people living with illness, injury or disability.

If you have a query about how we manage your personal information, please see further information about our Privacy Policy on our website.

Support available to impacted individuals

We understand the importance that you place upon your personal information, and the protection of your information is always our utmost priority.

If you would like to know more about the incident and how you have been impacted, please email us at [email protected]


Our organisation has partnered with IDCARE, Australia’s national identity and cyber support community service. Please click here to reach IDCARE and fill in their form or call 1800 595 160.

Steps to protect yourself

We strongly recommend that you consider taking the following steps to protect yourself from potential scams and other harm like identity theft.

We urge you to remain vigilant and encourage you to access the support provided by IDCARE in the event you have any concerns.

We encourage you to take general precautions to protect your personal information, such as:

  • Remain alert to any suspicious email, SMS or telephone communications that are disguised to look like they come from someone you know or trust.

  • Verify the legitimacy of communications by authenticating the sender. This includes checking email names and domains.

  • Don’t respond to the suspicious communication but rather contact the person via their usual means of communication to verify the legitimacy of the communication.

  • Do not open links that look suspicious. If you are unsure about a link sent to you by a company, you should go to the company’s website and look for the product or service that was offered.

  • Be alert to phishing scams. This could include scams that target you through post or email. Phishing scams are attempts by scammers to trick people into providing their personal information, passwords, credit card numbers and/or sensitive personal information.

  • Consider changing your email account passwords. Make sure you use strong passwords that you do not use for other accounts. Enabling multi-factor authentication is a good idea where possible.

  • You can find further information about online safety, cyber security and helpful tips to

Frequently Asked Questions

Let’s do this together.
Subscribe to stories & news

In the spirit of reconciliation, Royal Rehab acknowledges the Traditional Custodians of Country throughout Australia and their connections to land, sea, and community. We pay our respects to their Elders past, present and future and we extend our respects to all Aboriginal and Torres Strait Island peoples.

Proudly Part of the Royal Rehab Group Empowering Independence
Registered Charity Organisation
Registered NDIS Provider
Disability Employment Services Provider