Nearly 40,000 individuals are nonetheless unaware their non-public information was stolen by hackers in a large assault in opposition to an e-mail server.
Service NSW chief govt Damon Rees instructed a parliamentary listening to on Wednesday the company had been unable to reach greater than a third of the 103,000 individuals who had their information compromised within the March 2020 cyber assault.
Nearly 40,000 individuals in NSW are nonetheless unaware their non-public information was compromised in a large hacking incident final yr.
Mr Rees stated the “unstructured nature” of the information that hackers gained entry to meant that it was troublesome to establish precisely who had been affected and the way to contact them.
He stated the company determined not to contact these impacted through telephone or e-mail, opting as an alternative for posting letters, so as to not create additional danger to the hacking victims.
“It might be the content material of an e-mail, it might be a scan of a handwritten doc, it might be a scan of a receipt,” Mr Rees stated of the stolen information.
The company despatched a spherical of focused messages to victims utilizing safe registered mail, after which despatched one other spherical of letters with extra normal information to these hadn’t been reached.
“If you set all that collectively, 63,500 prospects had been in the end efficiently notified out of the 103,000 (that had been impacted),” Mr Rees stated.
Mr Rees stated that as a result of the hackers bought entry to emails, fairly than managing to penetrate a “core system”, the information they bought entry to was scattered. That made it troublesome to make certain of the id of individuals talked about within the emails. “(It impacted our potential) to correlate that information and recognise, that, you already know, the information that appears prefer it relates to somebody known as Damon Rees on this e-mail account, and the information that appears prefer it relates to Damond Rees in that e-mail account, are literally the identical Damon Rees,” Mr Rees stated.
A prime NSW Police official has beforehand stated investigators believed cyber criminals with “malicious intent” had been behind the hack. Deputy Commissioner for Investigations and Counter Terrorism David Hudson stated in February police had a “pretty good deal with” on what occurred and the investigation would progress pending the return of some information from the Australian Federal Police.
“We imagine there was malicious intent, which might make it a cybercrime,” he stated. “Some information breaches are brought on by human error. Certainly wasn’t the case on this — it was malicious actors.”
It wasn‘t instantly clear on Wednesday what the standing of that investigation was. When Mr Rees answered questions in regards to the hack on the similar February parliamentary listening to, he stated between 20 and 30 per cent of victims had been nonetheless unaware they had been impacted.
By Wednesday‘s figures that share would have grown to practically 38 per cent. Service NSW was established in 2013 and handles information on every part from bushfire reduction and visitors fines, to contact tracing information and Covid-19 check outcomes.
- Service NSW has been unable to reach 39,500 residents whose personal information has been stolen as a result of a breach
- Check all information and articles from the newest Security news updates.