Over 100,000 NSW drivers were affected by a new
data breach on government agencies.
In the first week of September information was made public that personal data of over 100,000 NSW driver’s license-holders might have been compromised,
when a cloud base folder storing personal information was left open through an
unsecured cloud storage site.
The alarming news came after Cyber Security NSW informed Transport NSW
that a cloud storage folder hosted by Amazon Web Services (AWS) was not
properly secure leaving personal information such as names, addresses, dates
of birth, and scanned driver’s licenses images out in the open.
So far no one wants to take the blame for the blunder, Transport NSW
promptly released a statement saying they were not the owners of the cloud
base folder, soon after Cyber Security NSW assured that an unknown
commercial entity was the owner of the folder and that they must gather all the
necessary information to know how this could have happened and notify any
customer who might have been affected by the breach. In the meantime, AWS
has not disclosed the identity of the commercial entity nor any of the 100,000
customers involved arguing breach of contract concerns.
Australian law obliges the commercial entity to adhere to mandatory reporting
requirements to the Office of the Australian Information Commissioner, which
have not been met so far. Cyber Security NSW is working with different
organisations to collect more information on the commercial entity involved,
and encouraging any company to disclose data breaches with their customers
especially if any personal information may have been leaked.
Cyber Security NSW chief officer Tony Chapman has been adamant that
neither his agency nor Transport NSW could be blamed for the breach saying
“the information was not provided by, nor sourced from government agencies,
and that his team does not know how long this commercial entity had this data
open for, nor who might have had access to it.”
On the other hand, NSW Labor is demanding “the NSW Government must
explain how this happened and immediately notify people whose details have
been exposed and we also expect this matter will be examined by a
Parliamentary Inquiry into Cyber Security which was established earlier this
month’.” The Shadow Minister for Better Public Services, Ms. Sophie Cotsis
These episodes have become more frequent in recent time:
● In May 2020, cybercriminals compromised 47 Service NSW staff
accounts, potentially exposing the private information of thousands of
people in NSW.
● On Sunday, 21 June 2020, it was reported Transport for NSW had
experienced a major system outage which was attributed to a malicious
● In December 2019, the Auditor-General reported that 47 percent of
NSW Government agencies are at ‘maturity level zero’ for use of eight
essential cybersecurity strategies recommended by the Australian
Cyber Security Centre.
● In November 2019, the Auditor-General reported there had been
3,324 data breaches across NSW Government agencies.
Security breaches and confidential document leaks can happen to anyone, not
just government agencies or big organizations, we are all at risk however there
are many steps we can take to avoid such mishaps. If you or your company
handles confidential information, personal information, financial documents,
you are required to dispose of that information securely according to
Australian Law under the Privacy Act and must take all the necessary measures
to avoid such blunders.