Service NSW: hackers stole 738GB of customer data during email breach

Service NSW has revealed that 738 GB of customer data was stolen during an email breach

Service NSW has revealed the private data loss of 186 000 customers.

Service NSW^[1] has revealed^[2] that the private information of 186,000 customers was stolen due to an email compromise attack against 47 staff members earlier this year. Hackers managed to encompass 3.8 million documents. Stolen data included handwritten notes and forms, scans, and records of transaction applications.

NSW confirmed the data loss on Monday, after a four-month investigation that started in April, following the email compromise attack.^[3]

However, NSW assured, that there was no evidence that individual MyServiceNSW account data or Service NSW databases were compromised during this cyber attack. Service NSW CEO Damon Rees explained:^[4]

This rigorous first step surfaced about 500,000 documents which referenced personal information.

Across the last four months, some of the analysis has included manual review of tens of thousands of records to ensure our customer care teams could develop a robust and useful notification process.

We are sorry that customers' information was taken in this way.

Service NSW is a New South Wales organization that specializes in various government service delivery to users via phone, in-person or online methods. The service allows filling in forms for licenses, permits, and fines – the agency stores the personal information of millions of people.

Affected customers should receive personalized letters

Service NSW is going to send personalized letters via registered post to notify affected customers. The letters will contain information about stolen data and how customers could access support. The agency's individual case manager will help to possibly replace some documents.

NSW expects to complete sending all letters for affected customers by December. The agency also explained that it will never email or call a customer to request information about a data breach.

Also, Service NSW CEO Damon Rees assured:^[2]

Our focus is now on providing the best support for approximately 186,000 customers and staff we’ve identified with personal information in the breach.

Service NSW already added extra safety measures to ensure data safety. The agency also explained that the NSW Auditor-General is currently reviewing its cybersecurity practices, education, and defenses with Service NSW in order to accelerate its cybersecurity plans.

The agency assured:

We have accelerated our cybersecurity plans and the modernisation of legacy business processes to keep customer information as safe as possible.

The agency is trying to review its cybersecurity practices but problems still occur

This large email compromise attack was labeled as a “criminal attack”. NSW Police is investigating this incident. Service NSW CEO said:^[5]

The cyber incident was a criminal attack. Cyber attacks occur daily, and we are often able to intercept them. On this occasion we couldn’t stop the attack.

In June, the NSW government committed AU$240 million^[6] to boost cybersecurity, including investments towards deploying new security technologies, protecting existing systems, and increasing the cyber workforce. But unfortunately, this data problem wasn't the last one safety issue for NSW.

For example, last week tens of thousands of NSW driver's licenses were left exposed in open cloud storage.^[7] The cache was discovered by Ukrainian security consultant Bob Diachenko who found the open cloud storage while investigating another data breach. The cache was easily discoverable with about 54,000 licenses in it. It is still unclear how long important information has been easily accessible online.