Following a four-month investigation that began in April, Service NSW said it identified 738GB of data, which included 3.8 million documents, had been stolen from email accounts.
The one-stop-shop agency, however, ensured that there was no evidence that MyServiceNSW account data or Service NSW’s databases were compromised during the cyber attack.
“This rigorous first step has surfaced approximately 500,000 documents referring to personal information,” said Damon Rees, CEO of Service NSW.
“Data consists of documents such as notes and handwritten forms, scans and records of transaction requests.
“Over the past four months, part of the analysis has included a manual review of tens of thousands of records to ensure our customer service teams can develop a robust and useful notification process.
“We are sorry that customer information was taken in this way. “Need to disclose a violation? Read this: Reportable Data Breach Program: Prepare to Disclose a Data Breach in Australia
Service NSW said it will now gradually notify affected customers by sending personalized letters by registered mail with information about the data stolen and how they could access support, including access to a manager. individual case to help possibly replace certain documents. The agency expects to complete customer notification in December.
“Our goal now is to provide the best support to approximately 186,000 customers and employees who we have identified with personal information in the breach,” said Rees.
The NSW service also revealed that NSW Police are currently investigating the incident, which has been labeled a “criminal attack.”
A review by the NSW Auditor General of Service NSW’s cybersecurity defenses, practices, systems and education is also underway.
Service NSW said in light of the incident, it has added additional security measures to protect against future attacks, such as partnering with IDCare which will provide the agency with additional “cyber support”.
“We have accelerated our cybersecurity plans and modernization of existing business processes to keep customer information as secure as possible,” he said.
Last week it was revealed that information on thousands of NSW driver’s license holders had been breached, with reports indicating that a cloud storage file containing more than 100,000 images had been left mistakenly opened.
Cyber Security NSW has confirmed that a commercial entity was responsible for the violation of the scanned driver’s license images. He said it was the business entity’s responsibility to investigate this matter and notify customers if their data had been breached.
In June, the government of New South Wales committed A $ 240 million to strengthen the government’s cybersecurity capabilities, including investments in protecting existing systems, deploying new technologies and increasing security. IT workforce.
At the same time, the state government has announced plans to put in place an industry-wide cybersecurity strategy and is calling for submissions from industry to help shape it.
“NSW’s Cyber Security Strategy 2020 will ensure that the NSW Government will continue to provide secure, reliable and resilient services in an ever-changing and developing environment,” said Minister of Customer Service Victor Dominello.
“The new strategy will be implemented through an integrated approach to prevent and respond to cybersecurity threats and protect our information, assets, services, businesses and citizens.
NSW pledges A $ 60 million to create cyber “army”
As part of the New South Wales Government’s AU $ 240 million commitment to cyber-related matters
New South Wales to implement industry-wide cybersecurity strategy
With industry help, the new document will replace the 2018 strategy.
Australian government pledges A $ 1.35 billion cyber kitty over 10 years
A $ 470 million will be used to create 500 cybersecurity-related jobs within the Australian Signals Branch.