Service NSW breach exposes personal data affecting thousands of customers | 7NEWS
Service NSW breach exposes personal data affecting thousands of customers
Personal information that may have been exposed included driver’s licences, contact information and children’s names. Here’s what you need to know.
Samantha Lock / NSW News / Updated 5 days ago
Share
Service NSW has emailed customers whose information might have been exposed in a data breach. (Dean Lewins/AAP PHOTOS)
The personal information of Service NSW customers has been exposed to other logged-in individuals during a privacy incident, the agency says.
An update released to the “My Services” dashboard on March 20 resulted in the data breach, Service NSW chief executive officer Greg Wells said in an email to affected customers shared with AAP on Monday.
Personal information available through linked services that might have been visible included driver’s licence and vehicle registration details, contact information and children’s names.
Watch the latest news and stream for free on 7plus >>
Affected customers are believed to have been logged in to their MyServiceNSW Account between 1.20pm and 2.54pm.
The agency said it believed the personal information available during the 94-minute window was not searchable and was isolated to the website.
Wells said he believed it was an isolated incident that only affected customers logged in at the time.
“I can confirm this was not a cyberattack and Service NSW believes that any risk of harm presented by this incident is very low,” he said.
It is not known how many customers were impacted by the breach.
One affected customer Richard Nelson said the breach should be taken more seriously.
“They definitely seem to be playing it down but without further details it’s hard to tell,” he told AAP.
“The PII (Personal Identifiable Information) here is significant. This kind of incident erodes trust, and this messaging doesn’t inspire confidence.”
Service NSW said it is investigating the scope of the incident and the Information and Privacy Commission and affected customers have been notified.
About 3700 customers may have been impacted during the time of the incident, a spokesman for Service NSW said.
“The dashboard page was taken down at 3pm and the issue was resolved quickly,” the spokesman said.
In November last year, the NSW government invested $315 million to bolster cyber systems, introduced the Privacy and Personal Information Protection Amendment Bill and launched ID Support NSW to help people impacted by identity theft.
The amendments included a mandatory notification scheme for state government agencies to force agency heads to escalate matters to the privacy commissioner, keep logs of serious breaches and make reasonable attempts to mitigate the harm done by a data breach and alert affected people.
The changes will come into effect from November 28.
Personal information that may have been exposed included driver’s licences, contact information and children’s names. Here’s what you need to know.
Samantha Lock / NSW News / Updated 5 days ago
Share
Service NSW has emailed customers whose information might have been exposed in a data breach. (Dean Lewins/AAP PHOTOS)
The personal information of Service NSW customers has been exposed to other logged-in individuals during a privacy incident, the agency says.
An update released to the “My Services” dashboard on March 20 resulted in the data breach, Service NSW chief executive officer Greg Wells said in an email to affected customers shared with AAP on Monday.
Personal information available through linked services that might have been visible included driver’s licence and vehicle registration details, contact information and children’s names.
Watch the latest news and stream for free on 7plus >>
Affected customers are believed to have been logged in to their MyServiceNSW Account between 1.20pm and 2.54pm.
The agency said it believed the personal information available during the 94-minute window was not searchable and was isolated to the website.
Wells said he believed it was an isolated incident that only affected customers logged in at the time.
“I can confirm this was not a cyberattack and Service NSW believes that any risk of harm presented by this incident is very low,” he said.
It is not known how many customers were impacted by the breach.
One affected customer Richard Nelson said the breach should be taken more seriously.
“They definitely seem to be playing it down but without further details it’s hard to tell,” he told AAP.
“The PII (Personal Identifiable Information) here is significant. This kind of incident erodes trust, and this messaging doesn’t inspire confidence.”
Service NSW said it is investigating the scope of the incident and the Information and Privacy Commission and affected customers have been notified.
About 3700 customers may have been impacted during the time of the incident, a spokesman for Service NSW said.
“The dashboard page was taken down at 3pm and the issue was resolved quickly,” the spokesman said.
In November last year, the NSW government invested $315 million to bolster cyber systems, introduced the Privacy and Personal Information Protection Amendment Bill and launched ID Support NSW to help people impacted by identity theft.
The amendments included a mandatory notification scheme for state government agencies to force agency heads to escalate matters to the privacy commissioner, keep logs of serious breaches and make reasonable attempts to mitigate the harm done by a data breach and alert affected people.
The changes will come into effect from November 28.