Service NSW

Service NSW, the state government's primary service delivery agency, was hit by an email compromise attack that gave attackers potential access to sensitive customer information including driver licences and Medicare numbers.

What Happened

Phishing attackers successfully compromised 47 Service NSW staff email accounts, gaining access to customer information stored in emails and attachments. Service NSW handles a wide range of government services including driver licence renewals, vehicle registrations, and other identity-related transactions, meaning staff emails potentially contained highly sensitive personal information.

The attack involved sophisticated phishing emails that tricked staff members into providing their credentials. Once inside the email system, attackers had access to correspondence and attachments that could include copies of identity documents, personal details, and government service applications.

Impact on Individuals

Customers whose information was accessed through the compromised email accounts faced risks of identity theft and fraud. The potential exposure of driver licences and Medicare numbers—both accepted forms of identification in Australia—created significant identity crime risks.

Organisational Response

Service NSW immediately secured the compromised accounts and launched an investigation. The agency engaged the Australian Cyber Security Centre and implemented additional email security measures. Affected customers were notified, though the full scope of exposure remained unclear for some time after the initial breach.