Visit our COVID-19 page for information and advice on the assistance available for NSW residents and businesses

Service NSW is in the final stages of analysis into the cyber attack earlier this year on 47 staff email accounts and we're now working to notify customers who had personal information in the breach.  

Customers at risk will be notified by person-to-person registered Australia Post. The letter will be personalised and include important information about the specific individual data accessed during the breach. They will be given clear steps to resolve any issues plus an individual case manager if needed.

We announced the breach in May, soon after it was initially discovered, however the investigation into the specifics has taken 4 months because of its complexity. There were 3.8 million documents stolen. The first step was to investigate all of these to understand exactly how much customer information they contained. This revealed about 500,000 documents. From here the data was “washed” (cross checked) and enriched with other Government sectors to match it accurately with individuals to obtain the latest residential address details.

This process made it possible for us to then notify each affected individual about their specific situation. We took this approach on the advice of external experts IDCARE and Information Integrity Solutions Pty Ltd who have both provided expert independent assessment and advice.

Armed with these details, all affected customers are now able to replace or reissue those credentials known to be stolen. It has been important not to disclose these details until this point, to protect customers from additional threat of scams.

We are now able to focus on providing the best advice for approximately 186,000 customers we’ve identified with data in the breach. In addition to the personalized letters being sent by Registered Australia Post, we have a bespoke support service available including individual case managers for complex circumstances.

The cyber incident was a criminal attack. Cyber-attacks occur daily, and we are often able to intercept them. On this occasion we couldn’t stop the attack. There is a NSW Police investigation underway and a review by the auditor general of Service NSW’s practices and systems. This audit will assess how effectively Service NSW handles personal customer and business information to ensure its privacy.

We have accelerated our cyber security plans and the modernisation of legacy business processes to keep customer information as safe as possible.

Whether or not you’ve been affected by this breach, below are some steps to check and protect your identity, finances and personal information.

Protect your passwords
Use passphrases and use different ones in different places.

Use two-factor authentication
Set up and learn to use two-factor authentication (2FA) for your important accounts.

Fortify your finances
Check bank statements and report anything amiss, and set up a credit alert.

COVID-19 scam messages
Be alert to emails and calls from unknown sources or requesting personal details.

Protective measures for individuals following a data breach
Check with the ATO for any unauthorized requests for early release of your super.

For more guidance please visit Staying Safe Online.

Video: Service NSW - Cyber Attack Response

Service NSW was the target of a cyber attack earlier this year on 47 staff emails accounts.

An investigation is ongoing and now Service NSW has started notifying impacted customers by person to person registered Australia Post.

If you receive a letter, it will provide important information about our care service and dedicated help and support.

Service NSW will never call you out of the blue or send an email about this breach asking for personal, private or payment information about this incident.

If someone claims to be from Service NSW, you can verify the contact by calling Service NSW directly on 13 77 88.

We’re sorry our defences weren’t able to stop this criminal attack on customer information.

Working alongside Cyber Security NSW, NSW Police and the Privacy Commissioner, Service NSW has already added additional security measures to protect against this type of attack in the future.

Be assured, Service NSW has put the safety of customers at the centre of our response to this breach.

Over the coming months the NSW Government will be working to raise awareness of scams and empower people to better protect their own identities when working online.

We know this may be a stressful time for many people. If you need emotional support both Lifeline and Beyond Blue may be able to help you. You can call Beyond Blue’s 24/7 support line on 1300 224 436, and Lifeline can be contacted via phone 24/7 on 13 11 14.

Previous updates

31 August 2020

The Service NSW response to the cyber attack on 47 employee email accounts has been driven by the commitment to keep customers and their data safe during the notification period.

The agency is developing a comprehensive notification process that focuses on 3 outcomes:

  • ensuring the notification to identified customers is informative and useful
  • making the notification process secure by using Australia Post Registered Mail, which requires the customer's signature, for delivery 
  • notifying customers as soon as possible.

Service NSW is in the final stages of personalising the notification letter to identified customers. This has required a number of steps to sort and review the data to effectively match it to customer contact details.

The data has included handwritten notes and forms, scans and records of transaction applications. This has contributed to the notification timelines.

The notification letter explains the various support options available.

Service NSW has introduced a new customer care team which will be dedicated to helping customers identified in the breach.

Service NSW has changed a number of security systems to mitigate against future cyber attacks of this nature.

Service NSW will not contact customers out of the blue by telephone or email about this or any other cyber security breach asking for privacy or payment information.

If you doubt the veracity of any contact by someone claiming to be from Service NSW, please call our contact centre directly on 13 77 88.

23 July 2020

The forensic investigation into the Service NSW cyber attack has provided valuable information including how to effectively validate and identify customers affected by the breach.

The safety of our customers and the protection of their data have been the guiding principles for the investigation.

Service NSW has been working in parallel to modify processes so that our operations better reflect best practice privacy principles.

The initial analysis is now complete and Service NSW is undertaking data quality activities in preparation for notifying identified customers. 

Please note that identified customers will be notified by registered Australia Post which will require the customer to sign for it.

Service NSW will not be contacting customers by phone or email in relation to this incident to minimise the risk of scammers attempting to defraud you by pretending to be Service NSW.

Any customer who has doubts about the veracity of a contact by Service NSW is encouraged to call the Service NSW contact number, 13 77 88.

12 June 2020

Service NSW is placing the safety of customers and their data as a priority above all others as we assess the impact of the cyber attack on 47 mailboxes in our email network.

The analysis into the attack on Service NSW staff email accounts is ongoing and the specialist teams are working through complexities including ensuring the data remains secure during the review. 

Where the specialists have been able to identify customers with sensitive data that was accessed in the cyber attack, we’ve used secure methods to inform those customers. We are helping people with advice about how to keep their private information secure or change their records.

Service NSW continues to build on its care model to ensure it is equipped to handle enquiries from customers affected by the breach.  

28 May 2020

The investigation into the cyber attack is progressing and the team of forensic specialists is focusing on the email data which is most likely to contain customer information.

Our priority is the safety and security of every customer affected by the incident, and we are committed to the best possible customer experience in our response to this breach.

Our dedicated care team has begun contacting customers using secure methods where we have identified data accessed in the attack. 

There is no evidence that Service NSW databases were compromised and the network and systems of record that store licence information are not affected by this breach.

Please note that Service NSW will never ask you to click on a link requesting private information, or ask you to email private information unless this is something you have previously agreed to with Service NSW.

Service NSW will never ask for private information in a cold-call to you without your having the option to independently verify the identity of the caller.

Subscribe for updates

If you’d like to receive email updates about the cyber incident, enter your name and email below to subscribe.