Australian State Government confirms cyber attack on staff email, affecting New South Wales residents.
The Australia state of New South Wales, has confirmed its agency, Service NSW is in the final stages of analysis into the cyber-attack earlier this year on 47 staff email accounts and is now working to notify customers who had personal information in the breach.
Identified customers at risk will be notified by person-to-person registered Australia Post which they’ll have to sign for. The letter will be personalised and include important information about data accessed during the breach and how to get support.
Service NSW will never call or email a customer out of the blue requesting customer information about this or any other data breach.
“The investigation, which began in April, engaged forensic specialists to analyse 3.8 million documents in the accounts. This rigorous first step surfaced about 500,000 documents which referenced personal information,” said Service NSW CEO Damon Rees.
“The data is made up of documents such as handwritten notes and forms, scans, and records of transaction applications.”
“Across the last 4 months, some of the analysis has included manual review of tens of thousands of records to ensure our customer care teams could develop a robust and useful notification process.”
“We are sorry that customers’ information was taken in this way.”
“Our focus is now on providing the best support for approximately 186,000 customers and staff we’ve identified with personal information in the breach,” said Mr Rees.
The registered mail will be sent progressively as the data is validated, with the notifications due to be completed in December.
NSW Police are working closely with Service NSW as they assess potential lines of inquiry about the criminal attack. Service NSW has also regularly briefed Cyber Security NSW and the Information and Privacy Commissioner.
There is no evidence that individual MyServiceNSW Account data or Service NSW databases were compromised.
Service NSW has already added additional security measures to protect against this type of attack. Service NSW is among the agencies to benefit from a NSW Government investment of $240 million over three years to further enhance the security of customer information.
Independent cyber support community service IDCARE has partnered with Service NSW to provide an additional level of expert support.
IDCARE Managing Director Professor David Lacey said the innovations being applied by Service NSW are unique and will have a considerable positive impact on the response.
“The approach Service NSW has taken will set a new benchmark on what proactive protections can be put in place from an impacted person perspective, and it provides a roadmap for treating individual risk,” said Professor Lacey.
Among the support being offered to affected customers:
- A new Service NSW hypercare team able to help customers on a case by case basis including help with documents that may need to be replaced.
- Access to the cyber support community service IDCARE who will provide an additional level of expert support.