Service NSW suffered a data breach incident that exposed the information of thousands of customers and other logged-in users. The disclosed personal information contained driver’s licenses, contact details, and children’s names.
Last month, a published update to the My Services dashboard resulted in a data breach. The CEO of Service NSW stated this detail in the distributed notification emails to the affected customers earlier this week.
Customers who logged into their MyServiceNSW Account between 1:20 pm and 2:54 pm might have also been impacted by the data leak incident.
The firm explained that the personal details available during the earlier-mentioned timeframe became unsearchable and needed to be isolated by the agency from its website. Moreover, one of the representatives claimed that the attack was an isolated incident that only impacted customers who were active at that time.
One of the officials from Service NSW stated that the incident was not a cyberattack.
According to a Service NSW representative, they can confirm that the incident is not a cyberattack since it does not pose a risk that could harm the affected individuals. However, the initial study has yet to identify the number of customers affected by the breach.
On the other hand, an affected customer claimed that the company should take the breach more seriously. A cybersecurity researcher claimed that NSW has been downplaying the data leak incident despite the lack of knowledge regarding the incident.
An analyst revealed that the exposed PII in this incident is significant. Hence, customer trust could erode quickly. The company disclosed that it is currently investigating the scope of the incident. Moreover, the Information and Privacy Commission has already notified the affected customers.
Service NSW has more than 3,700 customers that could suffer from the incident. Therefore, these possibly compromised users should be wary of phishing campaigns and unwanted communications.
