Cybercrime detectives are investigating the breach involving the Department of Communities and Justice (DCJ) that was identified on Tuesday.

Officers attached to the State Crime Command’s cybercrime squad have been called in to investigate.

NSW Police on Wednesday said the breach occurred on the state’s Online Registry website, a secure online platform that provides access to information involved in both civil and criminal cases across the NSW court system.

The breach has affected the online public registry that people use to upload documents to the system.

“Cybercrime detectives commenced an investigation under Strike Force Pardey and are working closely with DCJ in order to contain the breach after approximately 9000 sensitive court files, including apprehended violence orders and affidavits, were downloaded,” police said in a statement.

“Investigations remain ongoing to establish the full extent of the breach.

“Anyone who thinks their details may have been compromised, always make sure to make a report through ReportCyber.”

NSW Attorney-General Michael Daley said it would take about a week to identify what happened with the files and what data the hacker viewed.

“What we don’t know yet is which files were actually accessed and what the hacker did with them, whether he or she just viewed them or downloaded and shared them,” Mr Daley said at a press conference on Thursday.

“A briefing that I had with the police this morning, they said it’ll be about a week before they know exactly what has happened with those files and the exact nature of the data that was viewed by the hacker.”

Acting Superintendent Jason Smith confirmed that data containing information about apprehended violence orders and the details of minors could have “potentially’ been accessed in the breach.

When asked about whether this meant potential victims of domestic violence had to wait a week to get certainty about their protection, he said “that’s correct”.

“I guess what I would say to people is if you have concerns about your safety as a result of this data breach you should contact your local police station,” Superintendent Smith said.

“Additionally, if you believe that your identity documents have been compromised as a result of any data breach, you can reach out to ID Support NSW who will provide you assistance in remediating your identity documents.”

The DCJ will contact affected account holders and advise them of what happened and next steps once those affected are identified.

Mr Daley said the breach didn’t necessarily mean the documents had been copied, downloaded or shared, but it “just means the file might have been opened”.

“We don’t know what they’ve done with the data yet, we just know that there’s 9000 files that appear somehow to have been accessed,” he said.

“Importantly, the experts have been looking through the dark web and employing other techniques they use to work out what may have happened with the data, and I can advise that as of this morning my advice is that no data that was on the justice link network has appeared in the public domain – not on the dark web or anywhere else.”

Mr Daley said the breach was identified during a security check of the justice link system last week when it was “detected that some data within that system had changed”.

“Upon further examination they worked out that an account holder within the justice link system had gained an unlawful entry into that system. They had accessed 9,000 files,” Mr Daley said.

DCJ cyber experts then moved to shut down the user’s account and “rectify the vulnerability”, Mr Daley said.

“As soon as they did that the hack stopped,” he said.

“They worked out that this user had infiltrated a unit within the justice link system, not the whole system itself, with something called a python script.”

Mr Daley earlier said the government was taking the matter seriously.

“I’ve been advised by the Department of Communities and Justice about a significant cyber breach affecting the NSW Online Registry website,” he said.

“I am assured that DCJ is working with Cyber Security NSW and the NSW Police to ensure the ongoing integrity of the system.

“They are also working to urgently identify and contact affected users, and the public will be kept updated as more information becomes available.”

A spokesperson for DCJ said none of the compromised data had been shared publicly as a result of the breach.

“DCJ is working to urgently identify and contact affected users and will provide updates as more information becomes available,” they said.

Originally published as Will take a week for authorities to identify what data hacker viewed after major breach of NSW government website