Service NSW data breach: Customer data exposed for 90 minutes after website update
Drivers licences, children’s names and mobile numbers could have been exposed in a major data breach after an update on a government website.
A NSW government department has issued a warning to thousands of customers that their personal data may have been ‘exposed’.
In an email sent to 3700 affected customers on Monday and seen by NCA NewsWire, Service NSW’s chief executive Greg Wells said an update to the website on March 20 may have exposed their information for 90 minutes.
“Unfortunately the update resulted in some customers’ information being visible to other customers who were logged in to the website between 1.20pm and 2.54pm,” Mr Wells said.
The privacy breach could include drivers licence, vehicle registration, childrens names or mobile numbers.
“You may have seen other people’s personal information, or that other people may have seen your personal information in error,” the email addressed to customers read.
“The personal information was not searchable.”
The issue was isolated to customers who were logged into the website over that period potentially able to see the data of other users logged in at the same time. It did not apply to those using the app.
The problem was limited to the landing dashboard page and the page was taken down after 90 minutes, with the issued resolved “quickly”.
The email advised customers they do not need to take “immediate action” however, they should “remain vigilant” to any suspicious communications or activity.
A detailed investigation was undertaken to understand the scope of the incident and the risks arising from it, with Service NSW saying they have reason to believe it was an isolated incident.
“Service NSW acknowledges that being notified about any possible disclosure of information can cause anguish and apologise for any distress and inconvenience you may experience due to this notification,” the email read.
A Service NSW spokesman confirmed the incident was not a “cyber-attack” and they had notified the Information and Privacy Commission on the same day.
“Our priority is the safety and security of every customer affected by the incident, and we are committed to ensuring customers feel supported,” the spokesman said.
A review of the incident is underway to ensure Service NSW has measures in place to prevent similar incidents.
Customers have been advised they can call ID Support NSW on 1800 001 040 for advice on restoring the security of their identity and additional counselling support.
The news comes days after the federal government announced plans to add a digital version of the Medicare card on the Service NSW application soon.
The digital card was made available on the MyGov app on Thursday in an attempt to make the card more accessible to Australians while also providing an extra layer of security.
As with all items in the myGov wallet, Government Service Minister Bill Shorten said the Medicare card has protections against fraud and theft, including a hologram and QR code.
“The animated hologram shows that the card is not just a screenshot and the QR code can be scanned by health professionals to confirm the card is genuine and valid,” he said.