[BreachExchange] Service NSW reveals 738GB of customer data was stolen during email breach

[Destry Winant]

https://www.zdnet.com/article/service-nsw-reveals-738gb-of-customer-data-was-stolen-during-email-breach/

 Attack accessed 47 staff email accounts and affected 186,000 customers.

Service NSW has revealed that the personal information of 186,000
customers was stolen because of a cyber attack earlier this year on 47
staff email accounts.

Following a four-month investigation that began in April, Service NSW
said it identified that 738GB of data, which compromised of 3.8
million documents, was stolen from the email accounts.

The one-stop-shop agency assured, however, there was no evidence that
individual MyServiceNSW account data or Service NSW databases were
compromised during the cyber attack.

"This rigorous first step surfaced about 500,000 documents which
referenced personal information," Service NSW CEO Damon Rees said.

"The data is made up of documents such as handwritten notes and forms,
scans, and records of transaction applications.

"Across the last four months, some of the analysis has included manual
review of tens of thousands of records to ensure our customer care
teams could develop a robust and useful notification process.

"We are sorry that customers' information was taken in this way."

Need to disclose a breach? Read this: Notifiable Data Breaches scheme:
Getting ready to disclose a data breach in Australia

Service NSW said it would now progressively notify affected customers
by sending personalised letters via registered post containing
information about the data that was stolen and how they could access
support, including access to an individual case manager to help with
possibly replacing some documents. The agency expects to complete
notifying customers in December.

"Our focus is now on providing the best support for approximately
186,000 customers and staff we've identified with personal information
in the breach," Rees said.

Service NSW also revealed that NSW Police is currently carrying out an
investigation into the incident, which has been labelled as a
"criminal attack".

A review by the NSW auditor-general into Service NSW's cybersecurity
defences, practices, systems, and education is also underway.

Service NSW said in light of the incident, it has added additional
security measures to protect against future attacks, such as
partnering with IDCare that will provide the agency with additional
"cyber support".

"We have accelerated our cybersecurity plans and the modernisation of
legacy business processes to keep customer information as safe as
possible," it said.

Last week, it was revealed information on thousands of New South Wales
driver's licence-holders was breached, with reports indicating a cloud
storage folder that had over 100,000 images was mistakenly left open.

Cyber Security NSW confirmed a commercial entity was responsible for
the breach of scanned driver's licence images. It said it was the
responsibility of the commercial entity to investigate this matter and
notify any customers if their data had been breached.

In June, the New South Wales government committed AU$240 million to
bolster the government's cybersecurity capabilities, including
investments towards protecting existing systems, deploying new
technologies, and increasing the cyber workforce.

Alongside this, the state government announced intentions to stand up
a sector-wide cybersecurity strategy and is calling for industry
submissions to help shape it.

"The 2020 NSW Cyber Security Strategy will ensure the NSW government
continues to provide secure, trusted, and resilient services in an
ever-changing and developing environment," Minister for Customer
Service Victor Dominello said.

"The new strategy will be delivered through an integrated approach to
prevent and respond to cyber security threats and safeguard our
information, assets, services, businesses, and citizens."