A cyber attack on dozens of staff email accounts at Service NSW has resulted in the theft of 3.8 million documents, including many containing personal information.
The attack affected some 186,000 customers, Service NSW says.
“Service NSW is in the final stages of analysis into the cyber attack earlier this year on 47 staff email accounts and we’re now working to notify customers who had personal information in the breach,” it said.
About 500,000 of the stolen documents contained personal information including drivers licences, firearms registration, working with children checks, birth certificates, credit card details and medical records.
“There’s a lot of data in those email accounts, 3.8 million documents, ranging from information relating to drivers licences, information relating to medicare,” CEO Damon Rees said.
The agency says it is in the process of notifying people affected by the attack, and will provide them with an individual case manager if needed.
Service NSW says it began investigating four months ago.
“The cyber incident was a criminal attack. Cyber-attacks occur daily, and we are often able to intercept them,” it said.
The breach is the subject of a NSW police investigation as well as a review by the NSW auditor general into practices and systems at Service NSW.
“This audit will assess how effectively Service NSW handles personal customer and business information to ensure its privacy,” the agency said.
Comment below to have your say on this story.
If you have a news story or tip-off, get in touch at email@example.com.
Sign up to the Government News newsletter