Sep - 18

NSW drivers were affected by a new data breach

Over 100,000 NSW drivers were affected by a new data breach on government agencies. In the first week of September information was made public that personal data of over 100,000 NSW driver’s license-holders might have been compromised, when a cloud base folder storing personal information was left open through an unsecured cloud storage site. The alarming news came after Cyber Security NSW informed Transport NSW that a cloud storage folder hosted by Amazon Web Services (AWS) was not properly secure leaving personal information such as names, addresses, dates of birth, and scanned driver’s licenses images out in the open. So far no one wants to take the blame for the blunder, Transport NSW promptly released a statement saying they were not the owners of the cloud base folder, soon after Cyber Security NSW assured that an unknown commercial entity was the owner of the folder and that they must gather all the necessary information to know how this could have happened and notify any customer who might have been affected by the breach. In the meantime, AWS has not disclosed the identity of the commercial entity nor any of the 100,000 customers involved arguing breach of contract concerns. Australian law obliges the commercial entity to adhere to mandatory reporting requirements to the Office of the Australian Information Commissioner, which have not been met so far. Cyber Security NSW is working with different organisations to collect more information on the commercial entity involved, and encouraging any company to disclose data breaches with their customers especially if any personal information may have been leaked. Cyber Security NSW chief officer Tony Chapman has been adamant that neither his agency nor Transport NSW could be blamed for the breach saying “the information was not provided by, nor sourced from government agencies, and that his team does not know how long this commercial entity had this data open for, nor who might have had access to it.” On the other hand, NSW Labor is demanding “the NSW Government must explain how this happened and immediately notify people whose details have been exposed and we also expect this matter will be examined by a Parliamentary Inquiry into Cyber Security which was established earlier this month’.” The Shadow Minister for Better Public Services, Ms. Sophie Cotsis said. These episodes have become more frequent in recent time: ● In May 2020, cybercriminals compromised 47 Service NSW staff accounts, potentially exposing the private information of thousands of people in NSW. ● On Sunday, 21 June 2020, it was reported Transport for NSW had experienced a major system outage which was attributed to a malicious hack. ● In December 2019, the Auditor-General reported that 47 percent of NSW Government agencies are at ‘maturity level zero’ for use of eight essential cybersecurity strategies recommended by the Australian Cyber Security Centre. ● In November 2019, the Auditor-General reported there had been 3,324 data breaches across NSW Government agencies. Security breaches and confidential document leaks can happen to anyone, not just government agencies or big organizations, we are all at risk however there are many steps we can take to avoid such mishaps. If you or your company handles confidential information, personal information, financial documents, you are required to dispose of that information securely according to Australian Law under the Privacy Act and must take all the necessary measures to avoid such blunders.