Around 186,000 users of Service NSW – the New South Wales government’s “one-stop shop” for everyone from licences to birth, deaths and marriage, property and the law – will be sent a registered letter notifying them of a data breach labelled a “criminal attack” that saw more than 3.8 million documents (738 gigabytes of data) stolen.
The cyber attack involved 47 staff email accounts, sparking a 4-month investigation into the breach with found around 500,000 documents referenced personal information.
Service NSW says the registered letter its sending will “include important information about the specific individual data accessed during the breach” and the victims will be offered an individual case manager if they need one.
“We are now able to focus on providing the best advice for approximately 186,000 customers we’ve identified with data in the breach,” Service NSW said in a statement.
The stolen data handwritten notes, scans, and transaction records. The NSW government first revealed the breach in May, but did not know the extent of the hack on the staff email system.
A NSW Police investigation is underway and the Auditor General is reviewing Service NSW’s practices and systems.
“This audit will assess how effectively Service NSW handles personal customer and business information to ensure its privacy,” the government department said, adding that it had “accelerated our cyber security plans and the modernisation of legacy business processes to keep customer information as safe as possible”.
The government says it may take up to Christmas to contact all the people effected by the data breach.
In the meantime, department officials have warned people to be alert for scammers trying to take advantage of the data breach.