Expert On News: Attack on Service NSW compromises citizen data

The New South Wales government has confirmed it was the target of a malicious phishing attack, after reports that a staff member from Service NSW clicked on a suspicious link in an email. According to an investigation by Service NSW, 47 employees’ email accounts were accessed illegally, and the agency is still working to confirm the scope of the attack's impact on customers' personal information. The data in the breached email accounts largely related to transactions made over the phone or over the counter at a Service NSW Centre. Service NSW has established a dedicated team to help affected customers, according to ZDNet.

Expert Comments

May 14, 2020
Ed Macnair
CEO
Censornet
There’s one clear lesson from the breach against Service NSW: never underestimate email attacks. Phishing is probably the best known method of cyber attack, which often means that organisations assume it’s not a type of attack they need to worry about. This is incredibly counterintuitive, phishing is so popular because time and time again it proves effective, and criminals’ phishing techniques have become more sophisticated over recent years. Organisations should not expect that their staff will be able to spot them – protective technology should be in place. In this case, almost 50 staff accounts were compromised. As Service NSW itself has identified, this makes it a significant breach because each member of staff will have emails that contain sensitive information of citizens of New South Wales. It will take a long time to work out just how much personal information could have been accessed by criminals and to alert everyone who could have been affected. Organisations should remember that cyber criminals, like all criminals, will use the point of attack with the least resistance and the least likelihood of triggering the alarm. Often that is utilising the easiest and proven techniques such as phishing.
May 14, 2020
Jake Moore
Cybersecurity Specialist
ESET
No one ever expects to be hit with a large scale attack, but this is a timely reminder that they continue to occur – and even with the best security intentions, staff must remain vigilant. Whenever governments are hit with an attack they are usually quick to admit it and announce to the public, or at least those affected, immediately. This is far from what private businesses tend to announce, as they may be influenced by insurers or PR agencies, preferring to keep such news under the radar. However, I feel we could learn from such a delivery of information to better protect organisations. Reporting hacks and scams in business tends to help protect other organisations, and working collaboratively helps us reduce the future risk. There are also some excellent resources out there in the form of online training packages. With the majority now working from home, it is even more vital to retrain the workforce.