The Meeting Place > Technology Talk > Phishing attack puts seniors card holders at risk

Phishing attack puts seniors card holders at risk

avatar
Ben
3 yrs ago

Service NSW, which administers that state’s Seniors Card program, has been the target of a malicious phishing attack of data held within staff emails.

Service NSW has alerted police and authorities of a cyber attack that has accessed customer information held in emails.

On 22 April, Service NSW launched a comprehensive investigation in response to the discovery of a possible breach.

Initial assessments were not clear on the reach of the attack.

This investigation subsequently identified that the email accounts of 47 Service NSW staff members were illegally accessed.

Forensic specialists have been engaged to perform a deep analysis of the email accounts to identify any personal information that may have been accessed through this attack.

Service NSW chief executive Damon Rees said internal cyber security teams stopped the attack and worked to limit the impact on customers and services.

“We are now working as quickly as possible to confirm the scope of this attack on the personal information of our customers,” Mr Rees said.

“We are now confident the criminal access was limited to the content of those email accounts, which are related to transactions over the phone or over-the-counter at a Service NSW Centre.

“Cyber security is incredibly important and we’re very sorry that we haven’t been able to successfully protect our customers against this complex attack.

“We are going to do everything we possibly can to help customers who have been affected by this. We’ve established a dedicated team to offer help to affected customers.

“Service NSW will contact customers who we determine have been affected by this criminal attack.

“This is a very complex issue and the analysis and investigation are both ongoing.”

The stolen data was stored in email records and customers should be reassured that individual MyServiceNSW Accounts have not been compromised.

Relevant NSW and Federal cyber security agencies have been briefed along with the NSW Information and Privacy Commission.

The service.nsw.gov.au website has further information about the breach and will be updated regularly with important security advice for customers.

Are you worried about this security breach?

4 comments
avatar
Suze
3 yrs ago

Yes this sort of security breach is very concerning and as for their statement 

“We are now confident the criminal access was limited to the content of those email accounts, which are related to transactions over the phone or over-the-counter at a Service NSW Centre." 

I do not find their comment reasuring

Why did it take so long to release this information ?

avatar
Eddy
3 yrs ago

What I do not understand is why these IT systems holding our personal data have to be connected  to the internet? If the data was isolated from the internet there could be no unlawful access from external sites. It can be done, I have worked in situations where the IT was completely isolated, one could not easily print out the data and any possibly of electronic copying was disabled. The only way outside people can access sensitive data is via the internet, just isolate it.

avatar
johnp
3 yrs ago

Eddy.  I assume then that the seniors card holders thenselves would not be able to go online to service.nsw.gov.au to check various info re their own account ??

avatar
Suze
3 yrs ago

Apparently the scam only affected customers email accounts, which are related to transactions over the phone or over-the-counter at a Service NSW Centre

4 comments



To make a comment, please register or login

Preview your comment