Service NSW hacked in major data breach
The email accounts of almost 50 NSW government employees have been breached in a cyber attack on the customer service department, putting the personal data of citizens at risk.
Service NSW launched an investigation on April 22 after discovering a possible breach and found the email accounts of 47 staff had been illegally accessed, the department said on Thursday.
Forensic specialists are analysing the email accounts to find out whether any personal information has been accessed through the phishing attack.
Service NSW chief executive Damon Rees says internal cybersecurity teams stopped the attack and worked to limit the impact on the department's customers and services.
"We are now working as quickly as possible to confirm the scope of this attack on the personal information of our customers," Mr Rees said in a statement on Thursday.
The department says access was limited to the content of the 47 email accounts - which relate to over-the-phone or over-the-counter transactions at a Service NSW centre.
"Cybersecurity is incredibly important and we're very sorry that we haven't been able to successfully protect our customers against this complex attack," Mr Rees said.
Service NSW has established a dedicated team to help affected customers and will contact those who are found to have been impacted.
"This is a very complex issue and the analysis and investigation are both ongoing," Mr Rees said.
Individual MyServiceNSW accounts have not been compromised as the stolen data was stored in email records.
Both NSW and federal cybersecurity agencies have been briefed as well as the NSW Information and Privacy Commission.
Originally published as Service NSW hacked in major data breach