Nearly 200,000 Australians have been impacted by a major Service NSW hack which saw 47 staff members’ emails compromised.
Service NSW on Monday said it is in the final stages of analysis into the cyber attack which took place earlier in the year and is now contacting affected Australians by registered Australia Post mail.
The state body described the April hack as a “criminal attack” with NSW Police now also investigating the attack. The attack against 47 staff members saw 738GB of data and 3.8 million documents stolen, with Services NSW now confirming 186,000 Australians’ personal information was included in the breach.
“The investigation, which began in April, engaged forensic specialists to analyse 3.8 million documents in the accounts. This rigorous first step surfaced about 500,000 documents which referenced personal information,” said Service NSW CEO Damon Rees.
“The data is made up of documents such as handwritten notes and forms, scans, and records of transaction applications.
“Across the last four months, some of the analysis has included manual review of tens of thousands of records to ensure our customer care teams could develop a robust and useful notification process.”
The agency in May said its investigation was focused on customers who had been served by one of the 47 impacted staff members.
“We are sorry that customers’ information was taken in this way,” Rees said on Monday.
“Our focus is now on providing the best support for approximately 186,000 customers and staff we’ve identified with personal information in the breach.”
The NSW Auditor-General is currently reviewing the agency’s cyber security practices, education and defences with Service NSW accelerating its cyber security plans.
How do I know the Australia Post letter isn’t also compromised?
Customers at risk will be notified by person-to-person registered Australia Post. They will need to sign for the mail and the letter will be personalised and include information about the data accessed and where those affected can get support.
Service NSW also highlighted that it will never call or email a customer out of the blue to request information about a data breach.
Those who are suspicious about any contact purportedly from Service NSW were told to contact the agency directly on 13 77 88.