Data of 186,000 customers leaked in Service NSW cyber attack

Service NSW has confirmed that the personal data of 186,000 customers and staff were leaked after a cyber attack earlier this year, in which 47 employees had their email accounts compromised.

A four-month investigation, which began in April, concluded that roughly 3.8 million documents had to be analysed to assess the severity of any possible breaches.

Service NSW reveal details of cyber-attack
Service NSW reveal details of cyber-attack

Service NSW has revealed details about a cyber-attack that compromised 186,000 customers’ personal information.

“This rigorous first step surfaced about 500,000 documents which referenced personal information,” Service NSW chief executive Damon Rees said.

“The data is made up of documents such as handwritten notes and forms, scans, and records of transaction applications.”

The total size of the breach was 738 gigabytes of data, but not all of that was personal information, a spokesperson for Service NSW said.

There is no evidence that individual MyServiceNSW account data or Service NSW databases were compromised.

Service NSW chief executive Damon Rees.
Service NSW chief executive Damon Rees.

“The cyber incident was a criminal attack,” Service NSW said in a statement.

“Cyber attacks occur daily, and we are often able to intercept them. On this occasion, we couldn’t stop the attack.”

Customers who have been identified as “at-risk” will be notified by mail, which will include instructions on how to get support. The department said it “will never call or email a customer out of the blue requesting customer information about this or any other data breach”.

The mailing process is expected to be concluded by December.

“We are sorry that customers’ information was taken in this way,” Mr Rees said.

“Our focus is now on providing the best support for approximately 186,000 customers and staff we’ve identified with personal information in the breach.

The department is now working with NSW Police to assess potential lines of inquiry about the attack, and is providing regular briefings to Cyber Security NSW and the Information and Privacy Commissioner.

It said it has also accelerated cyber security plans and the modernisation of legacy business processes, and has brought in cyber support community service IDCARE to provide support.

“The approach Service NSW has taken will set a new benchmark on what proactive protections can be put in place from an impacted person perspective, and it provides a road map for treating individual risk,” IDCARE managing director Professor David Lacey said.

In June, the Herald reported that the NSW government was warned in late 2019 to improve its cyber security urgently in a report that found almost half of its agencies had no recommended strategies in place to prevent attacks.

The was after it was revealed that the state had been the target of a wave of sophisticated, foreign-actor data breaches, prompting Prime Minister Scott Morrison to warn the nation to brace for further incursions.

By Matt Bungard – SMH

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s