Nearly 40,000 individuals are nonetheless unaware their personal info was stolen by hackers in a large assault in opposition to an e mail server.
Nearly 40,000 individuals in NSW are nonetheless unaware their personal info was compromised in a large hacking incident final 12 months.
Service NSW chief government Damon Rees advised a parliamentary listening to on Wednesday the company had been unable to reach greater than a 3rd of the 103,000 individuals who had their data compromised in the March 2020 cyber assault.
Mr Rees mentioned the “unstructured nature” of the data that hackers gained entry to meant that it was tough to establish precisely who had been affected and the way to contact them.
“It may very well be the content material of an e mail, it may very well be a scan of a handwritten doc, it may very well be a scan of a receipt,” Mr Rees mentioned of the stolen data.
He mentioned the company determined not to contact these impacted by way of cellphone or e mail, opting as an alternative for posting letters, in order to not create additional danger to the hacking victims.
The company despatched a spherical of focused messages to victims utilizing safe registered mail, after which despatched one other spherical of letters with extra normal info to these hadn’t been reached.
“If you place all that collectively, 63,500 prospects have been finally efficiently notified out of the 103,000 (that have been impacted),” Mr Rees mentioned.
Mr Rees mentioned that as a result of the hackers acquired entry to emails, relatively than managing to penetrate a “core system”, the data they acquired entry to was scattered. That made it tough to make certain of the identification of individuals talked about in the emails.
“(It impacted our potential) to correlate that info and recognise, that, you understand, the data that appears prefer it relates to somebody referred to as Damon Rees in this e mail account, and the data that appears prefer it relates to Damond Rees in that e mail account, are literally the identical Damon Rees,” Mr Rees mentioned.
A prime NSW Police official has previously said investigators believed cyber criminals with “malicious intent” have been behind the hack.
Deputy Commissioner for Investigations and Counter Terrorism David Hudson mentioned in February police had a “pretty good deal with” on what occurred and the investigation would progress pending the return of some info from the Australian Federal Police.
“We consider there was malicious intent, which might make it a cybercrime,” he mentioned.
“Some data breaches are attributable to human error. Certainly wasn’t the case in this — it was malicious actors.”
It wasn‘t instantly clear on Wednesday what the standing of that investigation was.
When Mr Rees answered questions in regards to the hack on the similar February parliamentary listening to, he mentioned between 20 and 30 per cent of victims have been nonetheless unaware they have been impacted.
By Wednesday‘s figures that proportion would have grown to almost 38 per cent.
Service NSW was established in 2013 and handles info on every little thing from bushfire reduction and visitors fines, to contact tracing data and Covid-19 check outcomes.
Originally printed as Service NSW unable to reach 39,500 residents whose data was compromised in hack