Service NSW publicly confirmed on Monday, September 7, 2020, that a cyberattack earlier this year compromised the customer data of 186,000 individuals. The attack against 47 staff members obtained a whopping 738GB of data, or roughly 3.8 million documents, notes IT News.
Service NSW is a one-stop-shop agency that provides access to various NSW government services.
The data breach took place in April 2020, and Monday's announcement comes as the agency reaches the final stages of its analysis and investigation of the incident. According to Yahoo! Finance, the agency is now reaching out to affected customers via registered Australia Post mail.
In a statement, chief executive officer of Service NSW Damon Rees said, “The investigation, which began in April, engaged in forensic specialists to analyse 3.8 million documents in the accounts. This rigorous first step surfaced about 500,000 documents that referenced personal information.”
The customer data compromised in the cyberattack includes documents such as handwritten notes and forms, scans, transaction records, and customer applications.
Despite the massive leak, the Sydney Morning Herald reports that there are no findings of misuse or breach of MyServiceNSW account information or the Service NSW database. The agency reportedly maintains that all customer data obtained in the attack came from the 47 staff email accounts initially compromised.
Apart from communicating with affected parties, the agency is also working alongside local authorities such as the NSW Police to further investigate the incident. Based on a number of reports, the data breach has now been tagged as a ‘criminal attack.’
It is also working with the Cyber Security unit and the Information and Privacy Commissioner of New South Wales.
To fortify its systems, the agency shared that it has improved its security measures to prevent similar attacks in the future. The steps taken include acquiring additional cyber support by partnering with IDCare.
“We have accelerated our cybersecurity plans and the modernisation of legacy business processes to keep customer information as safe as possible,” the agency said in its press release.
To properly notify affected customers regarding vulnerable information, the team behind Service NSW manually reviewed documents and records, states ZD Net.
Following the rigorous review process, the agency has now started informing customers about the breach. It has also given information on how customers can obtain relevant support regarding stolen data.