
Thursday, September 17, 2020

Services NSW Provides A Lesson On How NOT To Deal With A Major Data Breach.

Last week we learnt of a real doozy of a breach:

Service NSW reveals 738GB of customer data was stolen during email breach

Attack accessed 47 staff email accounts and affected 186,000 customers.

By Aimee Chanthadavong | September 7, 2020 -- 04:27 GMT (14:27 AEST) | Topic: Security

Service NSW has revealed that the personal information of 186,000 customers was stolen because of a cyber attack earlier this year on 47 staff email accounts.  

Following a four-month investigation that began in April, Service NSW said it identified that 738GB of data, which comprised 3.8 million documents, was stolen from the email accounts.

The one-stop-shop agency assured, however, there was no evidence that individual MyServiceNSW account data or Service NSW databases were compromised during the cyber attack.

"This rigorous first step surfaced about 500,000 documents which referenced personal information," Service NSW CEO Damon Rees said.

"The data is made up of documents such as handwritten notes and forms, scans, and records of transaction applications.

"Across the last four months, some of the analysis has included manual review of tens of thousands of records to ensure our customer care teams could develop a robust and useful notification process.

"We are sorry that customers' information was taken in this way."

Service NSW said it would now progressively notify affected customers by sending personalised letters via registered post containing information about the data that was stolen and how they could access support, including access to an individual case manager to help with possibly replacing some documents. The agency expects to complete notifying customers in December.

More here:

https://www.zdnet.com/article/service-nsw-reveals-738gb-of-customer-data-was-stolen-during-email-breach/

There was also good coverage here:

Data of 186,000 customers leaked in Service NSW cyber attack

By Matt Bungard

Updated September 7, 2020, 10.20pm; first published at 4.53pm

Service NSW has confirmed that the personal data of 186,000 customers and staff were leaked after a cyber attack earlier this year, in which 47 employees had their email accounts compromised.

A four-month investigation, which began in April, concluded that roughly 3.8 million documents had to be analysed to assess the severity of any possible breaches.

Service NSW has revealed details about a cyber-attack that compromised 186,000 customers’ personal information.

"This rigorous first step surfaced about 500,000 documents which referenced personal information," Service NSW chief executive Damon Rees said.

"The data is made up of documents such as handwritten notes and forms, scans, and records of transaction applications."

The total size of the breach was 738 gigabytes of data, but not all of that was personal information, a spokesperson for Service NSW said.

There is no evidence that individual MyServiceNSW account data or Service NSW databases were compromised.

"The cyber incident was a criminal attack," Service NSW said in a statement.

"Cyber attacks occur daily, and we are often able to intercept them. On this occasion, we couldn't stop the attack."

Customers who have been identified as "at-risk" will be notified by mail, which will include instructions on how to get support. The department said it "will never call or email a customer out of the blue requesting customer information about this or any other data breach".

The mailing process is expected to be concluded by December.

More here:

https://www.smh.com.au/national/nsw/data-of-186-000-customers-leaked-in-service-nsw-cyber-attack-20200907-p55t7g.html

Talk about being relaxed and comfortable!

They take four months to let people know their personal data has been compromised and then plan to take another four months to tell those who have been compromised that they have been breached.

With 738 Gigs lost how can they know what is actually going on and who is at risk of fraud, ID theft and so on?

A Californian approach does not really cut it, I reckon!

David.
