Dominello says Service NSW data breach victims getting 'hypercare'

NSW Customer Services minister Victor Dominello says the victims of Service NSW’s email compromise are receiving “hypercare”, despite the 186,000 affected customers still waiting to learn of the breach.

Breaking his silence since the extent of the data breach was revealed, Dominello took to LinkedIn late on Tuesday to talk up the measures taken by the one-stop-shop for government services.

It comes as NSW Labor ramp up their attack on the government by advancing the idea that the breach could expose taxpayers to billions of dollars in compensation claims under the state’s Privacy and Personal Information Protection (PPIA) Act.

Service NSW on Monday revealed a staggering 3.8 million documents, amounting to 736GB of data, were stolen by unknown attackers - thought to be one of the largest data breaches ever to hit a NSW government agency.

The breach, which saw the personal information of 186,000 customers held in the email accounts of 42 Service NSW staff members compromised, occurred back in April, though the agency is only now starting to notify affected individuals via registered post.

Despite this, Dominello has backed Service NSW’s response to date, particularly in the immediate aftermath of the breach.

“Within 24 hours, I directed my agency to: immediately notify the public, refer the matter to the Auditor-General and retain external experts in privacy, identity and security to ensure that best practice was adopted to support those impacted,” he said on LinkedIn.

Dominello said that “the agency quickly established a hypercare team to look after those affected” and had also established a “permanent identity recovery unit to focus on supporting the victims of attacks like these” in response to rising identity theft.

“When crime occurs we focus on catching the criminals. However, it is just as important to support the victims,” he said.

“Identity theft is not a victimless crime."

Dominello also added that shifting to “true end-to-end digital services” would make it “more difficult for criminals” to replicate the attack in the future, as much of the stolen data was scanned attachments such as paper application forms and copies of driver's licences.

Labor’s public services spokesperson Sophie Cotsis and Labor leader Jodi McKay are continuing to call for Dominello to publicly explain and apologise for the breach.

“If it’s good enough for Mark Zuckerberg and the CEOs of Zoom, Yahoo, Marriott International and British Airways to apologise for data breaches, then Victor Dominello must do the same,” Cotsis said in a statement on Tuesday.

“The Government must strengthen our State’s defences against cyber-attacks and guarantee records at Service NSW are safe and protected.”

Cotsis claimed the data breach could also see the government liable to pay as much as $40,000 to each of the 186,000 people who suffer loss or damage as a result of the privacy breach under the PPIP Act.

“The NSW Auditor-General identified serious cybersecurity weaknesses in state government agencies last year, yet this government failed to act,” she added.

“Now taxpayers could be forced to foot the bill for this Minister’s mismanagement of Service NSW, a hugely important agency that 8 million people depend on.”