iTnews
  • Home
  • News
  • Technology
  • Security

Service NSW hit by email compromise attack

By Ry Crozier , Justin Hendry on May 14, 2020 2:15PM
Service NSW hit by email compromise attack

Agency tries to work out what data was accessed.

Service NSW has been hit by an email compromise attack impacting the accounts of 47 staff members and information of an unknown number of citizens.

The breach, first reported by 9News, has been referred to police and government cyber investigators to “identify any customer information that may have been accessed.”

“The data that was illegally accessed was stored in email records,” Service NSW said in a statement on Thursday.

“Customers should be reassured that individual MyServiceNSW Account data has not been compromised.”

Service NSW, renowned as a leader in customer-centric face-to-face and digital services, said a comprehensive investigation into a possible breach was launched on April 22.

While the “initial assessments were not clear on the reach of the attack”, the investigation has subsequently identified that 47 staff members were illegally accessed.

9News reported the compromise occurred sometime in April but that it was only communicated to the relevant Minister last night.

The agency said its focus was now on customers “who were served by one of the 47 team members with the compromised email accounts.”

Forensic specialists have been brought in to perform “deep analysis of the email accounts to identify any personal information that may have been accessed”.

“At this point we don’t believe there has been any risk introduced to customers from transactions performed online and via mobile,” the agency said.

“Service NSW will contact customers who have been affected by the breach as soon as we have the necessary information.”

CEO Damon Rees said internal cyber security teams had stopped the attack and limited the impact of customers and services.

“We are now working as quickly as possible to confirm the scope of this attack on the personal information of our customers,” he said.

“We are now confident the criminal access was limited to the content of those email accounts, which are related to transactions over the phone or over-the-counter at a Service NSW Centre,” he said.

“Cyber security is incredibly important and we’re very sorry that we haven’t been able to successfully protect our customers against this complex attack.

“We are going to do everything we possibly can to help customers who have been affected by this. We’ve established a dedicated team to offer help to affected customers.

“This is a very complex issue and the analysis and investigation are both ongoing.”

Service NSW said both NSW and federal cyber security agencies have been briefed, as well as the NSW Information and Privacy Commission.

While NSW agencies aren’t currently required to report data breaches to affected persons, the government has pledged to introduce a mandatory data breaches notification scheme.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
governmentitsecurityservice nsw

Partner Content

Why Genworth Australia embraced low-code software development
Promoted Content Why Genworth Australia embraced low-code software development
The Great Resignation has intensified insider security threats
Promoted Content The Great Resignation has intensified insider security threats
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • Micro Focus Information Management & Governance (IM&G) Forum 2022
  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
  • Forrester Technology & Innovation Asia Pacific 2022
By Ry Crozier
Justin Hendry
May 14 2020
2:15PM
0 Comments

Related Articles

  • Service NSW shortlists face matching tech for identity verification
  • NSW bans police from accessing QR code check-in data
  • Service NSW to bring facial verification to digital channels
  • NSW moves to fortify check-in app data privacy, prevent police access
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Australia scraps digital passenger cards for international arrivals

Australia scraps digital passenger cards for international arrivals

PayTo rollout kicks off

PayTo rollout kicks off

Services Australia spends $50m on IBM Power hardware upgrade

Services Australia spends $50m on IBM Power hardware upgrade

Westpac sets sights on hybrid meeting spaces

Westpac sets sights on hybrid meeting spaces

Digital Nation

Case study: AFL kicks goals with its new digital platform
Case study: AFL kicks goals with its new digital platform
Personalisation strategies need to be built from the ground up
Personalisation strategies need to be built from the ground up
Case Study: EY invests in AI to improve approach to flexible working
Case Study: EY invests in AI to improve approach to flexible working
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: Good360 deploys NetSuite, Magento and Salesforce
Case Study: Good360 deploys NetSuite, Magento and Salesforce
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.