mySA Gov

The South Australian Government's mySA Gov platform, operated by the Department for Infrastructure and Transport, provides a centralised online service for citizens to manage transportation-related administrative tasks. Core products and services include digital access to driver's licence applications and renewals, vehicle registration transactions, and related personal detail updates. The platform serves the residents of South Australia as the primary digital interface for these state-mandated transport services, handling highly sensitive personal information such as photographic licence data and vehicle ownership records. Its operational scope is confined to the jurisdiction of South Australia, functioning as an essential component of the state's public service infrastructure. The department's role is both service-oriented and regulatory, as it is the statutory authority responsible for maintaining official transport records and ensuring compliance with state road transport legislation. A defining attribute of this organisation is its custodianship of a significant volume of personally identifiable information (PII) and credential data for the driving public, making it a high-value target for cyber threats. The platform's existence as a single sign-on gateway to multiple government services further amplifies the potential impact of any security compromise, as credentials could be leveraged across other systems.

The documented security incident of November 2021 provides a critical case study of the organisation's threat landscape and incident response capabilities. Attackers employed credential stuffing, using passwords previously stolen from an unrelated third-party website to gain unauthorised access to 2,601 mySA Gov user accounts. This breach directly exposed the sensitive documents and details associated with those accounts, including driver's licence and vehicle registration information in 2,008 specific instances. The Department for Infrastructure and Transport's security team detected the suspicious login activity, implemented blocks on the compromised credentials to halt further access, and initiated a notification process for all affected individuals. A notable aspect of the response was the advice given to impacted users to change their official driver's licence numbers, a significant operational step indicating the perceived risk of data misuse from the exposed documentation. The investigation concluded there was no evidence of fraudulent transactions being conducted through the compromised accounts, though the exposure of primary identification documents represented a persistent risk for identity fraud. This event explicitly underscores the persistent vulnerability created by user password reuse and the challenges faced by government digital service providers in defending against large-scale, automated attacks leveraging previously breached credential sets. The incident serves as a documented instance where the organisation's security controls were tested, revealing both detection capabilities and the severe data exposure that can result from a successful, though contained, intrusion.