How 30,000 Australians had their most intimate details HACKED after a government agency was targeted – so is your information safe?
- 30K residents have not been told their private information was compromised
- Service NSW has not made the changes recommended after March 2020 hack
- They still email personal details, such as drivers licences, to external agencies
30,000 residents who have had private details compromised by hackers targeting government agency Service NSW haven’t been notified.
Head of Service NSW Damon Rees confessed to a parliamentary inquiry on Wednesday that 20-30 per cent of people affected by the March 2020 hack have not been contacted.
He also admitted that New South Wales citizens were still having personal data emailed to external agencies, despite it having contributed to the data breach.
30,000 residents who have had private details compromised by hackers targeting government agency Service NSW haven’t been notified (stock)
104,000 people had their private details compromised, but Mr Rees said only four out of five had their current mailing address in the system.
‘The method of notification in order to not generate risk for the public is registered person-to-person mail,’ he told the inquiry.
An investigation into the hack is still ongoing, a top police officer told the inquiry who said it was caused by ‘malicious actors’.
‘Some data breaches are caused by human error. Certainly wasn’t the case in this,’ said Deputy Commissioner for Investigations and Counter Terrorism David Hudson.
Despite the data breach, Service NSW still email residents’ personal data, including driver licences, to partner agencies Mr Rees admitted to the inquiry.
This is despite a report by Auditor-General Margaret Crawford finding that ’emailing personal customer information to client agencies’ contributed to the breach.
Mr Rees said the agency was implementing a change to that process which would take place at least through this year.
Head of Service NSW (pictured) Damon Rees confessed to a parliamentary inquiry that 20-30 per cent of people affected by the March 2020 hack have not been contacted
The December 2020 Auditor-General’s report was a scathing assessment of Service NSW’s handling of private information, even months after the hack.
‘Service NSW is not effectively handling personal customer and business information to ensure its privacy,’ the report said.
‘Previously identified risks and recommended solutions had not been implemented on a timely basis.’
The report also noted that the ‘weaknesses’ in IT and security impacted four million Australians.