39,000 New South Wales residents still have no idea their data was hacked
<p><span style="font-weight: 400;">Service NSW are trying to reach nearly 40,000 residents who have unknowingly had their private information stolen. </span></p>
<p><span style="font-weight: 400;">The massive hacking incident occured in March last year, as Service NSW chief executive Damon Rees discussed the details at a parliamentary hearing on Wednesday.</span></p>
<p><span style="font-weight: 400;">Mr Rees said the “unstructured nature” of the data that hackers gained access to meant it was proving difficult to identify who had been impacted and how to contact them.</span></p>
<p><span style="font-weight: 400;">He said over 103,000 people had their private information shared online, while one third of the victims still remained unaware. </span></p>
<p><span style="font-weight: 400;">“It could be the content of an email, it could be a scan of a handwritten document, it could be a scan of a receipt,” Mr Rees said of the stolen data.</span></p>
<p><span style="font-weight: 400;">He went on to say that Service NSW opted to notify those impacted by post rather than by phone or email, in an effort to minimise further risk. </span></p>
<p><span style="font-weight: 400;">“If you put all that together, 63,500 customers were ultimately successfully notified out of the 103,000 (that were impacted),” Mr Rees said.</span></p>
<p><span style="font-weight: 400;">He said that because the hackers gained access to people’s emails, the data they collected was scattered and it made it difficult to be certain of the identity of people mentioned in the emails.</span></p>
<p><span style="font-weight: 400;">“(It impacted our ability) to correlate that information and recognise, that, you know, the information that looks like it relates to someone called Damon Rees in this email account, and the information that looks like it relates to Damond Rees in that email account, are actually the same Damon Rees,” Mr Rees said.</span></p>
<p><span style="font-weight: 400;">Deputy Commissioner for Investigations and Counter Terrorism David Hudson said in February police had a “fairly good handle” on the breach in security, and discussed the nature of their investigation. </span></p>
<p><span style="font-weight: 400;">“We believe there was malicious intent, which would make it a cybercrime,” he said.</span></p>
<p><span style="font-weight: 400;">“Some data breaches are caused by human error. Certainly wasn't the case in this — it was malicious actors.”</span></p>
<p><em><span style="font-weight: 400;">Image credit: Shutterstock</span></em></p>
