[BreachExchange] 186, 000 customer records stolen from Australian state government in phishing attack

Wed Sep 9 10:06:20 EDT 2020

https://siliconangle.com/2020/09/07/186000-customer-records-stolen-australian-state-government-phishing-attack/

A trove of data relating to 186,000 customers of an Australian state
government agency has been stolen in an attack that targeted employee
email accounts.

The attack, reported today, involved Service NSW, an arm of the New
South Wales government that providers one-stop access to government
services. The theft of data took place in April and included the theft
of 738 gigabytes of data consisting of 3.8 million documents.

Those documents included handwritten notes and forms, scans and
records of transaction applications. Approximately 500,000 documents
included personally identifiable information including drivers
licenses, firearms registration, working with children checks, birth
certificates, credit card details and medical records. Notably, the
data is said to have involved transactions over the phone or
over-the-counter at Service NSW centers.

The attack was described only as an “email compromise attack,” with
the accounts of 47 staff compromised. Earlier reports said the attack
first came to light when a staff member clicked on a suspicious link
in an email, suggesting that the likely path of compromise was a
phishing campaign or some sort — possibly a so-called spear-phishing
campaign targeted specifically at employees of the agency.

Police are said to be investigating with the agency saying that it is
in the process of notifying people affected by the attack and will
provide those affected with an individual case manager if needed.

The attack occurred in April, but the NSW government was in the news
for another data leak Sept. 1 when about 54,000 NSW drivers license
images were found exposed on an unsecured Amazon Web Services Inc. S3
bucket. That breach was blamed on a third-party business.

That Service NSW fell victim to a phishing attack is not all that
surprising. A report from email security company GreatHorn Inc. Sept.
2 found that information technology teams are struggling to protect
employees from a deluge in phishing attacks particularly since the
beginning of the COVID-19 pandemic.

The report, based on a survey of IT leaders, found that on average
they were remediating 1,185 phishing attacks every month or an average
of 40 attacks per day. Only 6% of phishing attacks were found to be
successful, but 36% said they were not confident that employees at
their organizations would be able to spot and avoid an email phishing
attack in real time.