Cyber Incident Victim: Service NSW

On April 22, 2020, Service NSW detected a potential security breach after a staff member reported clicking a suspicious email link, prompting an immediate investigation. Initial assessments were inconclusive regarding the attack's scope, but subsequent forensic analysis confirmed unauthorized access to 47 employee email accounts. The New South Wales government characterized the incident as a malicious phishing attack targeting its customer service agency. Service NSW CEO Damon Rees stated internal cybersecurity teams intervened to halt the attack and minimize its impact. While initial reports suggested only customers using physical shop fronts or phone services were affected, the agency later clarified that compromised staff email accounts contained transaction data from these channels.

Service NSW engaged forensic specialists to analyze the breached email accounts and identify potentially accessed customer information. The agency established a dedicated response team to notify and support affected individuals, emphasizing ongoing efforts to determine the full extent of compromised data. Rees publicly acknowledged the breach's complexity and expressed regret for failing to prevent the attack. Service NSW maintained that criminal access was confined to email content related to phone and over-the-counter transactions, explicitly excluding digital app and website channels from compromise. The investigation remained active as of the May 13, 2020 disclosure, with the agency committing to direct communication with impacted customers upon confirmation. No specific details regarding the number of affected citizens or types of exposed data were disclosed in the initial statement.