However, the NSW Premier confirmed authorities “won’t know for another week until who the victims are”.

“The situation is far from ideal, particularly for domestic violence survivors, those that are in the database, I acknowledge that this would be hugely concerning for them,” Mr Minns said at a press conference on Thursday.

“The last thing we would want to do is add to the anxiety that those people feel at the moment.”

Mr Minns said NSW Police had been made “aware and attuned” to the breach and the additional risk it may pose to victims, assuring them their concerns would not be dismissed.

“People may feel vulnerable and they may be concerned about a particular offender or former intimate partner who’s been charged with very serious offences (reaching them),” he said.

“DCJ [and] the cybersecurity firm are working incredibly hard to identify what breaches have taken place, what documents have been accessed, and who potentially is vulnerable. We’re going to do that as soon as possible and let individuals know.

“If we could give the information about what has been accessed immediately, that’s exactly what I would do, but I can’t do that at the moment.

In the interim, the state government has urged people to contact their local police station if they believe offenders may have accessed information that could be used to find them.

NSW Attorney-General Michael Daley had earlier confirmed the significant breach after an unknown hacker accessed at least 9000 sensitive court documents, including apprehended violence orders, from the Department of Communities and Justice (DCJ) NSW Online Registry website (ORW) last week.

Mr Daley said it would take another week until police and the government knew “the exact nature of the data viewed by the hacker”.

“What we don’t know yet is which files were actually accessed, what the hacker did with them, whether he just viewed them or downloaded and shared them,” Mr Daley said.

“Obviously, people might be concerned about having their data accessed. If they feel that their safety or security has been threatened, they should call the police straight away.”

Acting Commander Jason Smith, from the NSW Police cybercrime squad, said people protected by apprehended violence orders should take extra precautions if they believed they may be at risk.

“What I would say to people is that if you have concerns about your safety as a result of this data breach, you should contact your local police station,” he said.

“If you believe your safety is at risk, yes, certainly you need to take precautions.”

Mr Daley said cybercrime detectives had not yet determined the identity or the origin of the hacker, and could not confirm or deny if criminal organisations were involved.

He confirmed the breach was discovered last week when the DCJ cyber unit was doing a routine maintenance and security check and noticed an unknown party had accessed a DCJ account within the state courts’ single computer system, JusticeLink.

The account was shut down at the time – securing the system – before the “vulnerability was closed” by cyber unit staff.

Mr Daley said police had been informed about the incident on Tuesday, roughly a week after DCJ discovered the breach.

He defended the delay in alerting authorities – and the public – as there were “strict protocols” to be followed in escalating data breaches.

He said the government were not aware if the documents had been downloaded, copied or shared, but was “very pleased” it had not yet appeared on the dark web.

“(Cybercrime detectives and private sector) experts have been looking through the dark web and deploying other techniques that they use to work out what might have happened with the data,” he said.

“I can advise that as of this morning, my advice is that no data that was on the JusticeLink network has appeared in the public domain, not on the dark web or anywhere else.

“That’s something that we are very pleased with.”

The DCJ’s Online Registry website hosts a significant number of administrative services and functions across a range of NSW criminal and civil jurisdictions.

A 2017 video on the NSW Online Registry YouTube channel says users can file many civil court forms online, view information about their cases, download court sealed documents, access the online court, check court listings, and publish and search probate notices.

More Coverage

‘We’ll catch you’: Dodgy real estate agents caught stealing bonds

Madeleine Bower and Elizabeth Pike

Author emerges after erotic book results in abuse material charges

Eliza Barr

Originally published as NSW Courts major data breach leaks 9000 documents, victims urged to take ‘precautions’