Nearly 47 Service NSW staff email accounts were hacked in a ‘criminal attack’ in April, affecting the data of 186,000 customers.
Service NSW revealed that a cyber-attack led to the compromise of 47 staff email accounts. As a result, hackers stole personal details of about 186,000 customers, amounting to 738GB of data comprising 3.8 million documents.
The findings are the result of a four-month-long investigation that the NSW government services’ one-stop-shop initiated in April. The agency said in an update on Monday that neither Service NSW databases nor individual MyServiceNSW accounts were compromised in the attack.
It is worth noting that Service NSW is a New South Wales Government executive agency within the Department of Customer Service that provides one-stop access to government services online, by phone, or in person at its service centers.
The data breach occurred in April when 47 team members’ email accounts were compromised. The customer data, including forms, handwritten notes, transaction application records, and scans, was stored in one of the 47 email accounts.
For four months, Service NSW didn’t reveal the exact number of affected customers. However, on Monday, the agency disclosed that it was in the final phase of its analysis of the data breach incident and had started notifying affected customers.
Service NSW is contacting identified customers with data in a cyber attack earlier this year via Registered Post which you’ll have to sign for. Remember, Service NSW will never call or email out of the blue about any security matter.
Learn more: https://t.co/Ew9QyG9Wwm pic.twitter.com/1f27ck2W2Q
— Service NSW (@ServiceNSW) September 7, 2020
The agency added that the investigation took so long because it involved a ‘highly technical approach’ to identifying the exact amount of information stored in the 3.8 million documents stolen from the compromised email accounts. It was able to locate 500,000 documents containing the personal information of its customers.
“We are now able to focus on providing the best advice for approximately 186,000 customers we’ve identified with data in the breach,” Service NSW told iTnews.
Impacted customers will be notified via ‘personalized letters’ offering bespoke support services, such as individual case managers, for tricky situations. The letters will be delivered by Australia Post person-to-person registered mail.
Service NSW claims that this incident was a ‘criminal attack’ and that an NSW Police investigation will be launched. The agency has already optimized its cybersecurity infrastructure and plans to modernize its legacy business processes.
Furthermore, the NSW Auditor-General is reviewing Service NSW’s systems, cybersecurity defenses, education, and practices.