Service NSW cyber incident
Service NSW is in the final stages of its analysis of the cyber attack earlier this year on 47 staff email accounts and, in a statement, confirmed: “we’re now working to notify customers who had personal information in the breach.”

“Customers at risk will be notified by person-to-person registered Australia Post which they’ll have to show photo ID and sign for. The letter will be personalised and include important information about the specific individual data accessed during the breach. They will be given clear steps to resolve any issues plus an individual case manager if needed.

The investigation has taken 4 months and required a highly technical approach to identify the exact amount of customer information in the 3.8 million documents (738 gigabytes of data) stolen from the email accounts. This rigorous first step surfaced about 500,000 documents which referenced personal information.

We are now able to focus on providing the best advice for approximately 186,000 customers we’ve identified with data in the breach. In addition to the personalised letters being sent by Registered Australia Post, we have a bespoke support service available including individual case managers for complex circumstances.

The cyber incident was a criminal attack. Cyber-attacks occur daily, and we are often able to intercept them. On this occasion we couldn’t stop the attack. There is a NSW Police investigation underway and a review by the auditor general of Service NSW’s practices and systems. This audit will assess how effectively Service NSW handles personal customer and business information to ensure its privacy.

We have accelerated our cyber security plans and the modernisation of legacy business processes to keep customer information as safe as possible.”

Commenting on the incident, Adam Biviano, Director, Solution Architecture, ForgeRock stated: “The revelation that the Service NSW data breach compromised the personal information of 186,000 customers only highlights how personally identifiable information remains the holy grail of cybercriminals. With this attack being perpetrated through the compromised emails of 47 Service NSW staff, the attack is a timely reminder that businesses and government organisations must ensure staff logins are secure, as this can have a knock-on effect compromising customer data if a breach occurs. Key to this will be investing in passwordless intelligent authentication methods.

“Intelligent authentication platforms and centralised identity systems mitigate breach risks by reducing the potential attack surface, helping eliminate phishing attempts. These systems also help businesses and government organisations understand how personal information is used and stored across different lines of business to ensure that personally identifiable information is only kept on secure infrastructure – both on-premise and in the cloud.

“More broadly, these services play a key role in helping minimise how often employees and customers submit the same login information across different devices, cutting down on potential points of attack from malicious actors.

“Protecting customer and employee data must be a top priority for business and government moving forward, and consolidated digital identity strategies help achieve this in ways that reduce costs and complexity, as it’s clear that cybercriminals are showing no sign of slowing down.”