Service NSW has continued to place the safety of customer and staff data at the centre of its response to the cyber attack on 47 employee email accounts in March this year.
Ongoing analysis into the methods used in the cyber attack has found significantly fewer customers were affected than first thought.
The number of customers who will need to be contacted has been revised accordingly.
Service NSW is sending new letters via registered post to those customers who did receive information that will need to be updated. We apologise for the disruption this has caused.
The Service NSW Hypercare team will work closely with customers affected by these changes.
Service NSW will never ask for private information in a cold-call to you about this or any other security matter. Any customer who has doubts about someone claiming to be from Service NSW is encouraged to call Service NSW directly on 13 77 88.
30 October 2020
Service NSW is in the final stages of analysis into the cyber attack earlier this year on 47 staff email accounts and we're now working to notify customers who had personal information in the breach.
Customers at risk will be notified by person-to-person registered Australia Post. The letter will be personalised and include important information about the specific individual data accessed during the breach. They will be given clear steps to resolve any issues plus an individual case manager if needed.
We announced the breach in May, soon after it was initially discovered, however the investigation into the specifics has taken 4 months because of its complexity. There were 3.8 million documents stolen. The first step was to investigate all of these to understand exactly how much customer information they contained. This revealed about 500,000 documents. From here the data was “washed” (cross checked) and enriched with other Government sectors to match it accurately with individuals to obtain the latest residential address details.
This process made it possible for us to then notify each affected individual about their specific situation. We took this approach on the advice of external experts IDCARE and Information Integrity Solutions Pty Ltd who have both provided expert independent assessment and advice.
Armed with these details, all affected customers are now able to replace or reissue those credentials known to be stolen. It has been important not to disclose these details until this point, to protect customers from additional threat of scams.
We are now able to focus on providing the best advice for approximately 186,000 customers we’ve identified with data in the breach. In addition to the personalized letters being sent by Registered Australia Post, we have a bespoke support service available including individual case managers for complex circumstances.
The cyber incident was a criminal attack. Cyber-attacks occur daily, and we are often able to intercept them. On this occasion we couldn’t stop the attack. There is a NSW Police investigation underway and a review by the auditor general of Service NSW’s practices and systems. This audit will assess how effectively Service NSW handles personal customer and business information to ensure its privacy.
We have accelerated our cyber security plans and the modernisation of legacy business processes to keep customer information as safe as possible.
Whether or not you’ve been affected by this breach, below are some steps to check and protect your identity, finances and personal information.
Use two-factor authentication
Set up and learn to use two-factor authentication (2FA) for your important accounts.
Fortify your finances
Check bank statements and report anything amiss, and set up a credit alert.
COVID-19 scam messages
Be alert to emails and calls from unknown sources or requesting personal details.
Protective measures for individuals following a data breach
Check with the ATO for any unauthorized requests for early release of your super.
For more guidance please visit Staying Safe Online.
Video: Service NSW - Cyber Attack Response
Over the coming months the NSW Government will be working to raise awareness of scams and empower people to better protect their own identities when working online.
We know this may be a stressful time for many people. If you need emotional support both Lifeline and Beyond Blue may be able to help you. You can call Beyond Blue’s 24/7 support line on 1300 224 436, and Lifeline can be contacted via phone 24/7 on 13 11 14.
31 August 2020
The Service NSW response to the cyber attack on 47 employee email accounts has been driven by the commitment to keep customers and their data safe during the notification period.
The agency is developing a comprehensive notification process that focuses on 3 outcomes:
- ensuring the notification to identified customers is informative and useful
- making the notification process secure by using Australia Post Registered Mail, which requires the customer's signature, for delivery
- notifying customers as soon as possible.
Service NSW is in the final stages of personalising the notification letter to identified customers. This has required a number of steps to sort and review the data to effectively match it to customer contact details.
The data has included handwritten notes and forms, scans and records of transaction applications. This has contributed to the notification timelines.
The notification letter explains the various support options available.
Service NSW has introduced a new customer care team which will be dedicated to helping customers identified in the breach.
Service NSW has changed a number of security systems to mitigate against future cyber attacks of this nature.
Service NSW will not contact customers out of the blue by telephone or email about this or any other cyber security breach asking for privacy or payment information.
If you doubt the veracity of any contact by someone claiming to be from Service NSW, please call our contact centre directly on 13 77 88.
23 July 2020
The forensic investigation into the Service NSW cyber attack has provided valuable information including how to effectively validate and identify customers affected by the breach.
The safety of our customers and the protection of their data have been the guiding principles for the investigation.
Service NSW has been working in parallel to modify processes so that our operations better reflect best practice privacy principles.
The initial analysis is now complete and Service NSW is undertaking data quality activities in preparation for notifying identified customers.
Please note that identified customers will be notified by registered Australia Post which will require the customer to sign for it.
Service NSW will not be contacting customers by phone or email in relation to this incident to minimise the risk of scammers attempting to defraud you by pretending to be Service NSW.
Any customer who has doubts about the veracity of a contact by Service NSW is encouraged to call the Service NSW contact number, 13 77 88.
12 June 2020
Service NSW is placing the safety of customers and their data as a priority above all others as we assess the impact of the cyber attack on 47 mailboxes in our email network.
The analysis into the attack on Service NSW staff email accounts is ongoing and the specialist teams are working through complexities including ensuring the data remains secure during the review.
Where the specialists have been able to identify customers with sensitive data that was accessed in the cyber attack, we’ve used secure methods to inform those customers. We are helping people with advice about how to keep their private information secure or change their records.
Service NSW continues to build on its care model to ensure it is equipped to handle enquiries from customers affected by the breach.
28 May 2020
The investigation into the cyber attack is progressing and the team of forensic specialists is focusing on the email data which is most likely to contain customer information.
Our priority is the safety and security of every customer affected by the incident, and we are committed to the best possible customer experience in our response to this breach.
Our dedicated care team has begun contacting customers using secure methods where we have identified data accessed in the attack.
There is no evidence that Service NSW databases were compromised and the network and systems of record that store licence information are not affected by this breach.
Please note that Service NSW will never ask you to click on a link requesting private information, or ask you to email private information unless this is something you have previously agreed to with Service NSW.
Service NSW will never ask for private information in a cold-call to you without your having the option to independently verify the identity of the caller.
Subscribe for updates
If you’d like to receive email updates about the cyber incident, enter your name and email below to subscribe.