Service NSW has alerted police and authorities of a cyber attack that has accessed customer information held in emails.
On 22 April 2020, Service NSW launched a comprehensive investigation in response to the discovery of a possible breach.
Initial assessments were not clear on the reach of the attack.
This investigation subsequently identified the email accounts of 47 Service NSW Staff members were illegally accessed.
Forensic specialists have been engaged to perform a deep analysis of the email accounts to identify any personal information that may have been accessed through this attack.
Service NSW CEO Damon Rees said internal cyber security teams stopped the attack and worked to limit the impact on our customers and services.
“We are now working as quickly as possible to confirm the scope of this attack on the personal information of our customers,” Mr Rees said.
“We are now confident the criminal access was limited to the content of those email accounts, which are related to transactions over the phone or over-the-counter at a Service NSW Centre.
“Cyber security is incredibly important and we’re very sorry that we haven’t been able to successfully protect our customers against this complex attack.
“We are going to do everything we possibly can to help customers who have been affected by this. We’ve established a dedicated team to offer help to affected customers.
“Service NSW will contact customers who we determine have been affected by this criminal attack.
“This is a very complex issue and the analysis and investigation are both ongoing.”
The stolen data was stored in email records and customers should be reassured that individual MyServiceNSW Accounts have not been compromised.
Relevant NSW and Federal cyber security agencies have been briefed along with the NSW Information and Privacy Commission.
The service.nsw.gov.au website has further information about the breach and will be updated regularly with important security advice for customers.
Source: Service NSW