Service NSW Revealed the Scope of Email Breach
Service NSW is a one-stop-shop for all general government services for the public, existing with 101 centers across the state of NSW, Australia. It serves people with registrations of marriage, birth, death, vehicles, fair trading, payment of fines, etc. The department has announced that about 47 of its staff members were fallen for a phishing attack earlier this year, where the data of the public may have breached. And now, after four months if the thorough investigation, Service NSW revealed that about 3.8 million documents were stolen from the 47 email accounts, which constitute to 738GB worth of data belonging to 186,000 people! This massive trove of data consists mainly of scanned documents, transaction records, forms, and handwritten notes. The department assured of no breach found regarding any individual MyServiceNSW accounts nor Service NSW databases and apologizes for leaking the customer data in such a way. Damon Rees, Service NSW CEO said that some of the processes in the investigation included manual checking of tens of thousands of documents to ensure a clear and informative notification of the breach. He also said, The department is now planning to inform everyone of those affected via personalized postal mails, before December. An investigation by NSW police and auditor-general of NSW is in the process of the cybersecurity defenses, systems, and education and practice of the department. Finally, it claims to have accelerated the cybersecurity plans to keep customer data safer, and have even partnered with IDCare for cyber support.