Service NSW reports theft of 738 GB of customer data
Service NSW has disclosed that it has fallen victim to a data breach involving the theft of a whopping 738 GB of customer data that includes the personal information of 186,000 customers and staff.
Attackers gained access to the trove of data — which included handwritten notes and forms, scans and records of transaction applications — through a business email compromise attack on 47 employees.
The agency became aware of the breach in April and has spent the last four months identifying affected customers, according to Service NSW CEO Damon Rees.
“The investigation, which began in April, engaged forensic specialists to analyse 3.8 million documents in the accounts. This rigorous first step surfaced about 500,000 documents which referenced personal information,” he said.
“Across the last four months, some of the analysis has included manual review of tens of thousands of records to ensure our customer care teams could develop a robust and useful notification process. We are sorry that customers’ information was taken in this way.”
But the agency has uncovered no evidence that individual MyServiceNSW Account data or Service NSW databases were compromised through the attack.
The agency is now in the process of informing the 186,000 affected customers and staff of the breach. Notifications will be sent via Australia Post using registered mail and, to avoid scammers taking advantage of the situation, the agency stressed it will never call or email a customer out of the blue requesting customer information about this or any other data breach.
Meanwhile NSW Police are investigating the attack, and the agency is assisting with these inquiries. Service NSW has also regularly briefed Cyber Security NSW and the Information and Privacy Commissioner about the incident.
Rees said Service NSW has adopted additional security measures to protect against email-based attacks, and will incorporate further improvements through the state government’s $240 million investment over three years to enhance the security of customer information.
Finally, Service NSW is working with cyber support community service IDCARE to assist customers and staff impacted by the breach. IDCARE Managing Director Professor David Lacey said the mitigation efforts Service NSW has adopted will have a considerable positive impact on the response.
These support initiatives include the establishment of a new Service NSW hypercare team to help customers on a case-by-case basis, and the provision of a range of recommended steps to protect users’ identity, finances and personal information.
“The approach Service NSW has taken will set a new benchmark on what proactive protections can be put in place from an impacted person perspective, and it provides a roadmap for treating individual risk,” he said.
News of the attack came shortly after the disclosure of a data breach involving photos of 54,000 NSW driver’s licences being exposed online in a public-facing AWS storage folder.
Cyber Security NSW has blamed the breach on an unnamed commercial entity, insisting that the collection of the data had nothing to do with the Department of Transport or any other state government entity.