More than 180,000 New South Wales residents are believed to have been caught up in a major cyber security breach after a state government department was compromised earlier this year.
- Service NSW began investigating the breach in May after staff emails were compromised in April
- NSW Police are investigating who accessed the sensitive information
- Opposition MP Sophie Cotsis criticised the Government for taking months to inform customers
Service NSW on Monday morning confirmed the large number of people likely impacted in the breach which was first reported publicly by the Government in May.
Those caught up in the “criminal attack” are now set to be informed by the department via registered post in the coming days.
Service NSW chief executive Damon Rees confirmed the scale of the incident in a statement, saying millions of documents may have been compromised.
“The investigation, which began in April, engaged forensic specialists to analyse 3.8 million documents in the accounts,” he said.
“This rigorous first step surfaced about 500,000 documents which referenced personal information.”
Mr Rees said the data comprised documents such as handwritten notes and forms, scans, and records of transaction applications.
“Across the last four months, some of the analysis has included manual review of tens of thousands of records to ensure our customer care teams could develop a robust and useful notification process.
“We are sorry that customers’ information was taken in this way.”
‘It shouldn’t take four months to notify people’
The incident was discovered after the email accounts of 47 staff members were first compromised in April.
Requests by ABC News under freedom of information laws for more information about the breach were rejected by the department in July, on the grounds an investigation was ongoing.
NSW Police are actively involved in the investigation to determine who accessed the sensitive information.
Opposition MP Sophie Cotsis said the breach was “unprecedented”.
“It is extraordinary that this attack has been allowed to happen.
“Whether it’s births, deaths and marriages, registration, guardianship information — today people should be questioning whether they trust the information that they’re providing to the Government and the security measures that the government is taking to keep their information safe.”
She also criticised the Government for taking four months to alert residents.
“This is extraordinary — this is four months and they haven’t notified people,” she said.
“The last we heard is that they’re going to [use] registered mail notification, I mean that’s outrageous.
“It shouldn’t take four months to notify people whose information has been leaked and cyber criminals have access to that information.”