Service NSW, an Australian government agency, has experienced a data breach that exposed personal information of its customers. According to CEO Greg Wells, an update to the “My services” dashboard on March 20 resulted in the incident.
It is believed that the breach affected customers who were logged in between 1:20 pm and 2:54 pm, with about 3,700 customers impacted during that time.
The agency has notified the affected customers and the Information and Privacy Commission, and is investigating the scope of the incident.
Additionally, personal information that may have been visible to others includes driver’s license and vehicle registration details, contact information, and children’s names. Service NSW believes that the incident was isolated and not the result of a cyber-attack, and that any risk of harm presented by the incident is low.
However, some customers have expressed concern about the incident, with one affected customer, Richard Nelson, saying that the breach should be taken more seriously.
At the same time, in November 2022, the NSW government invested $315 million to enhance cyber systems, introduced the Privacy and Personal Information Protection Amendment Bill, and launched ID Support NSW to assist people impacted by identity theft.
Finally, the amendments include a mandatory notification scheme for state government agencies to escalate matters to the privacy commissioner, keep logs of serious breaches, and make reasonable attempts to mitigate the harm done by a data breach and alert affected people. These changes will come into effect from November 28, 2023.
