Customer Details Stolen After 'Complex' Cyber Attack On Service NSW Staff Emails
Service NSW is scrambling to contact affected customers after it was targeted in a "malicious" phishing attack that led to customer information held in staff emails being stolen.
An investigation into the attack, which is believed to have occurred in April, has since found the email accounts of 47 Service NSW staff members were illegally accessed.
Service NSW CEO Damon Rees said teams were now working to confirm the scope of customers' person details that was accessed in the emails.
Rees said access was limited to content related to transactions that were made over the phone or over-the-counter at a Service NSW Centre.
“Cyber security is incredibly important and we’re very sorry that we haven’t been able to successfully protect our customers against this complex attack," Rees said.
“We are going to do everything we possibly can to help customers who have been affected by this. We’ve established a dedicated team to offer help to affected customers."
Police and cyber security agencies have also been notified as investigations into the attack continue.
Individual MyServiceNSW Accounts have not been compromised, Service NSW said in a statement.
Phishing scams often use emails, phone calls or text messages to attempt to steal people's personal information.
On Tuesday, ScamWatch said Australians had lost just under $64,000 to phishing scams in April alone.
There were 3,153 reports of phishing scams reported to the organisations in that time.
Contact the author: email@example.com