Following reports on Thursday morning that a staff member from Service NSW clicked on a suspicious link from an email, the New South Wales government has confirmed it was the target of a malicious phishing attack.
The breach was first thought to have only affected individuals who visited a Service NSW shop front or called the state government service and that those transacting via the app or website channels were not compromised.
But in a statement Thursday afternoon, Service NSW revealed the breach, which occurred on 22 April 2020, had seen customer information held in emails accessed.
"On 22 April, Service NSW launched a comprehensive investigation in response to the discovery of a possible breach. Initial assessments were not clear on the reach of the attack," it said.
"This investigation subsequently identified the email accounts of 47 Service NSW Staff members were illegally accessed."
Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia
Service NSW said forensic specialists have been engaged to perform a deep analysis of the email accounts to identify any personal information that may have been accessed through this attack.
"We are now working as quickly as possible to confirm the scope of this attack on the personal information of our customers," Service NSW CEO Damon Rees said, adding internal cybersecurity teams stopped the attack and worked to limit its impact.
"We are now confident the criminal access was limited to the content of those email accounts, which are related to transactions over the phone or over-the-counter at a Service NSW Centre."
"Cybersecurity is incredibly important and we're very sorry that we haven't been able to successfully protect our customers against this complex attack."
Service NSW has established a dedicated team to offer help to affected customers.
"Service NSW will contact customers who we determine have been affected by this criminal attack," it wrote.
"This is a very complex issue and the analysis and investigation are both ongoing."
No more clerk with a rubber stamp: Service NSW touts its people as key to its success
Picks up AU$50 million in additional 2019-20 Budget funding to keep progressing work on the business model the federal government has itself adopted.
NSW drivers unable to add digital licence as high demand downs app capability
Service NSW is advising customers to return to the app later to add a digital driver licence, as it was 'a little busy' on Tuesday morning.
Developers need to be developing: Service NSW claims shift in tech stack can help
The one-stop shop for citizen service delivery believes the move to a "low-touch or no-touch" environment will free up time for its developers.
NSW government's one-stop shop website to be launched by end of February
Over 500 existing websites will be consolidated into the one nsw.gov.au website.