Service NSW hit by cyber attack

Service NSW has fallen victim to a cyber attack that has compromised information held within staff emails. The phishing attack on 22 April resulted in the email accounts of 47 Service NSW staff members being illegally accessed.

The state government agency said no individual MyServiceNSW account data has been compromised, and that it does not believe there has been any risk introduced to customers who were served by one of the 47 team members with the compromised accounts.

Service NSW has engaged forensic specialists to perform a deep analysis of the email accounts and to seek to identify any personal information that may have been accessed through the attack.

The agency has also alerted police and NSW and federal cybersecurity agencies as well as the NSW Information and Privacy Commission to the attack.

Service NSW CEO Damon Rees said the agency’s internal cybersecurity teams have been quick to stop the attack and have worked to limit the impact on its government agency customers and services.

“We are now working as quickly as possible to confirm the scope of this attack on the personal information of our customers,” he said.

This has involved establishing a dedicated team to offer help to affected customers.

“We are now confident the criminal access was limited to the content of those email accounts, which are related to transactions over the phone or over the counter at a Service NSW centre. Cybersecurity is incredibly important and we’re very sorry that we haven’t been able to successfully protect our customers against this complex attack.”

Service NSW plans to contact any customers determined to have been affected by the breach shortly.

The agency is advising those who have recently been in contact with Service NSW staff and have experienced suspicious activity online to reset all passwords and PINs and to review existing accounts for unauthorised transactions and activity.

Image credit: ©stock.adobe.com/au/James Thew