Service NSW data breach: Driver’s licenses, children’s names and mobile numbers may have been exposed in massive government blunder
- NSW Service customer data made public
- Up to 3,700 people are affected
A NSW government department has issued an urgent warning to thousands of customers that their personal data may have been ‘exposed’.
In an email sent to 3,700 affected customers, Service NSW CEO Greg Wells said an update to the app on March 20 may have exposed their information for 90 minutes.
“Unfortunately, the update resulted in some customers’ information being visible to other customers who logged into the website between 1:20 p.m. and 2:54 p.m.,” Wells said.
The invasion of privacy could be related to driver’s license, vehicle registration, children’s names or mobile numbers.
A NSW government department has warned thousands of customers that their personal data may have been ‘exposed’
In an email sent to 3,700 affected customers, Service NSW CEO Greg Wells said an update to the app on March 20 may have exposed their information for 90 minutes
“You may have seen other people’s personal information, or other people may have seen your personal information in error,” read the email addressed to customers.
“The personal information was not searchable.”
The issue was isolated because customers logged into the website during that time could potentially see the data of other users logged in at the same time.
It did not apply to those using the app.
The issue was limited to the landing dashboard page and the page was removed after 90 minutes, after which the issue was resolved “quickly”.
The email advised customers not to take “immediate action,” but to “remain vigilant” for suspicious communications or activity.
A detailed investigation was carried out to understand the scope of the incident and the resulting risks, with Service NSW saying they have reason to believe it was an isolated incident.
“Service NSW acknowledges that being notified of a potential disclosure of information may cause anxiety and apologizes for any inconvenience and inconvenience you may experience as a result of this notification,” the email reads.
A Service NSW spokesperson confirmed that the incident was not a ‘cyber attack’ and they notified the Information and Privacy Commission the same day.
“Our priority is the safety and security of every customer affected by the incident, and we are doing everything we can to ensure that customers feel supported,” the spokesperson said.
An assessment of the incident is ongoing to ensure that Service NSW has taken steps to prevent similar incidents from happening.
Customers have been advised to call ID Support NSW on 1800 001 040 for advice on restoring the security of their identity and additional counselling.
The issue was isolated because customers logged into the website during that time period could potentially see the data of other users logged in at the same time (stock image)