An email hack of staff members in April resulted in the exposure of personal data from 186,000 customers, Service NSW has revealed.
The investigation of the breach, which targeted 47 staff members, has moved into its final stages according to Service NSW.
“The investigation has taken 4 months and required a highly technical approach to identify the exact amount of customer information in the 3.8 million documents (738 gigabytes of data) stolen from the email accounts. This rigorous first step surfaced about 500,000 documents which referenced personal information.
“We are now able to focus on providing the best advice for approximately 186,000 customers we’ve identified with data in the breach,” the agency said.
Affected customers will now be notified by person-to-person registered post, which will require a photo ID and signature.
“The letter will be personalised and include important information about the specific individual data accessed during the breach. They will be given clear steps to resolve any issues plus an individual case manager if needed,” Service NSW said.
Service NSW labelled the breach a “criminal attack”, and said that many are stopped before they can impact customers.
“Cyber-attacks occur daily, and we are often able to intercept them. On this occasion we couldn’t stop the attack. There is a NSW Police investigation underway and a review by the auditor general of Service NSW’s practices and systems. This includes a review of cyber security defences, practices, systems and education.
“We have accelerated our cyber security plans and the modernisation of legacy business processes to keep customer information as safe as possible,” the agency said.
