State Government agency points finger at commercial business not associated with the Transport agency for the breach.
Australian media has reported that residents in the state of New South Wales have had their digital licenses left exposed in an open Cloud storage.
According to ABC News “the cache was discovered last week by Ukrainian security consultant Bob Diachenko who stumbled upon the directory while investigating another data breach”.
The security consultant wrote on Twitter “more than 50K scanned driver licenses (front+back) and toll notices exposed in a misconfigured S3 bucket. Most likely – part of NSW RMS infrastructure (Road and Maritime, New South Wales, Australia)”.
ABC News wrote “the storage folder, which he said was easily discoverable, contained back-and-front scans of NSW licences alongside tolling notices hosted on Amazon’s cloud service”.
Both the Information and Privacy Commission (IPC) NSW and Transport NSW have been notified of the incident. “Both claimed that a commercial business, unconnected to the NSW Government, was responsible for the breach.
“The breach is not associated with [the] NSW Government agency or any NSW Government system or process.”
In May the IPC stated that 95 per cent of respondents felt that NSW government agencies protecting their information was important.
The results, from two-yearly survey by the agency, provide a broad and indicative sense of the public’s view of how privacy is regarded in areas such as data breaches by NSW government agencies, citizens’ awareness of their right to access their personal information, where to go to report the misuse of personal information or how to make a privacy complaint.
NSW Privacy Commissioner Samantha Gavel said, “It is encouraging to note that similar to previous years, over one in three respondents are aware of their right to access personal information from at least one of the NSW agencies listed, with many saying that they would contact the agency directly for help.
“However, awareness varies by age and many are not sure where to go to gain access to their personal information held by NSW agencies.
“The vast majority of respondents felt that NSW government agencies protecting their information was important and most were concerned about breaches or misuse of data currently held by NSW government agencies.”
Key findings of the study include:
- 95 per cent of respondents agreed that it is important that NSW government agencies protect their personal/health information
- 63 per cent of respondents are aware of their right to lodge a complaint or seek a review with an agency if they feel their privacy has been breached
- Knowledge of privacy rights among younger people was lower, with only 37 per cent of under 25 years were aware of their right to lodge a complaint or seek a review with state government departments
- Regarding breaches or misuse, respondents were most concerned about deliberate hacking of NSW government systems, and least concerned about accidental release of personal information
- Nearly a quarter of respondents were unsure how to access their personal information under privacy laws, or how to report misuse
- 86 per cent of respondents who had lodged a privacy complaint in the past year were happy with the outcome,
- Awareness of the role of the Privacy Commissioner varied across age groups, with those over 55 having the greatest awareness and those under 25 the least.
Considering the current situation with COVID-19 and to prevent or manage the risk of COVID-19 in the workplace, NSW Privacy Commissioner, Samantha Gavel said.
“Agencies need to consider how they collect, use and disclose personal and health information. This includes the handling of personal information of employees and employees’ family members, visitors to agency premises, as well as individuals to whom the agency provides services and members of the public,” she said.
