Visit our COVID-19 page for information and advice on the assistance available for NSW residents and businesses.

Service NSW has alerted police and authorities of a cyber attack that has accessed customer information held in emails.

The attack involved the illegal accessing of 47 Service NSW staff members' email accounts. Forensic specialists are investigating the scope of the attack and analysing the email accounts to identify any customer information that may have been accessed.

We are working closely with the police and relevant NSW and federal cyber security agencies along with the NSW Information and Privacy Commission, and will be taking the best course of action to minimise the impact and risk to customers who have been affected.

The data that was illegally accessed was stored in email records and customers should be assured that individual MyServiceNSW Account data has not been compromised.

Our focus is on customers who were served by one of the 47 team members with the compromised email accounts.

At this point we don’t believe there has been any risk introduced to customers from transactions performed online and via mobile.

If you experience suspicious activity online, you should always:

  • Review your existing accounts. Look for unauthorised transactions, changes to settings (for example email particulars), and, if possible, the times and locations your account has been accessed.
  • Reset all passwords and PINs.
  • Do not open suspicious texts or emails – delete them.
  • Be cautious about requests for your personal information over the internet.

If you have a cyber security enquiry, please contact us.

Latest update

23 July 2020

The forensic investigation into the Service NSW cyber attack has provided valuable information including how to effectively validate and identify customers affected by the breach.

The safety of our customers and the protection of their data have been the guiding principles for the investigation.

Service NSW has been working in parallel to modify processes so that our operations better reflect best practice privacy principles.

The initial analysis is now complete and Service NSW is undertaking data quality activities in preparation for notifying identified customers. 

Please note that identified customers will be notified by registered Australia Post which will require the customer to sign for it.

Service NSW will not be contacting customers by phone or email in relation to this incident to minimise the risk of scammers attempting to defraud you by pretending to be Service NSW.

Any customer who has doubts about the veracity of a contact by Service NSW is encouraged to call the Service NSW contact number, 13 77 88.

Previous updates

12 June 2020

Service NSW is placing the safety of customers and their data as a priority above all others as we assess the impact of the cyber attack on 47 mailboxes in our email network.

The analysis into the attack on Service NSW staff email accounts is ongoing and the specialist teams are working through complexities including ensuring the data remains secure during the review. 

Where the specialists have been able to identify customers with sensitive data that was accessed in the cyber attack, we’ve used secure methods to inform those customers. We are helping people with advice about how to keep their private information secure or change their records.

Service NSW continues to build on its care model to ensure it is equipped to handle enquiries from customers affected by the breach.  

28 May 2020

The investigation into the cyber attack is progressing and the team of forensic specialists is focusing on the email data which is most likely to contain customer information.

Our priority is the safety and security of every customer affected by the incident, and we are committed to the best possible customer experience in our response to this breach.

Our dedicated care team has begun contacting customers using secure methods where we have identified data accessed in the attack. 

There is no evidence that Service NSW databases were compromised and the network and systems of record that store licence information are not affected by this breach.

Please note that Service NSW will never ask you to click on a link requesting private information, or ask you to email private information unless this is something you have previously agreed to with Service NSW.

Service NSW will never ask for private information in a cold-call to you without your having the option to independently verify the identity of the caller.

Subscribe for updates

If you’d like to receive email updates about the cyber incident, enter your name and email below to subscribe.