Expert Comments

Expert On News: Attack on Service NSW compromises citizen data

Expert(s): Security Experts
Expert(s): Security Experts

The New South Wales government has confirmed it was the target of a malicious phishing attack, after reports that a staff member from Service NSW clicked on a suspicious link from an email. According to an investigation by Service NSW, 47 employees’ email accounts were accessed illegally, while they are still working to confirm the scope of the attack on the personal information of customers. The compromised data in the email accounts breached largely related to transactions over the phone or over-the-counter at a Service NSW Centre. Service NSW has established a dedicated team to offer help to affected customers, according to ZDNet.

Experts Comments

May 14, 2020
Ed Macnair
CEO
Censornet
There’s one clear lesson from the breach against Service NSW: never underestimate email attacks. Phishing is probably the best known method of cyber attack, which often means that organisations assume it’s not a type of attack they need to worry about. This is incredibly counterintuitive, phishing is so popular because time and time again it proves effective, and criminals’ phishing techniques have become more sophisticated over recent years. Organisations should not expect that their.....Read More
There’s one clear lesson from the breach against Service NSW: never underestimate email attacks. Phishing is probably the best known method of cyber attack, which often means that organisations assume it’s not a type of attack they need to worry about. This is incredibly counterintuitive, phishing is so popular because time and time again it proves effective, and criminals’ phishing techniques have become more sophisticated over recent years. Organisations should not expect that their staff will be able to spot them – protective technology should be in place. In this case, almost 50 staff accounts were compromised. As Service NSW itself has identified, this makes it a significant breach because each member of staff will have emails that contain sensitive information of citizens of New South Wales. It will take a long time to work out just how much personal information could have been accessed by criminals and to alert everyone who could have been affected. Organisations should remember that cyber criminals, like all criminals, will use the point of attack with the least resistance and the least likelihood of triggering the alarm. Often that is utilising the easiest and proven techniques such as phishing.  Read Less
May 14, 2020
Jake Moore
Cybersecurity Specialist
ESET
No one ever expects to be hit with a large scale attack, but this is a timely reminder that they continue to occur – and even with the best security intentions, staff must remain vigilant. Whenever governments are hit with an attack they are usually quick to admit it and announce to the public, or at least those affected, immediately. This is far from what private businesses tend to announce, as they may be influenced by insurers or PR agencies, preferring to keep such news under the radar. .....Read More
No one ever expects to be hit with a large scale attack, but this is a timely reminder that they continue to occur – and even with the best security intentions, staff must remain vigilant. Whenever governments are hit with an attack they are usually quick to admit it and announce to the public, or at least those affected, immediately. This is far from what private businesses tend to announce, as they may be influenced by insurers or PR agencies, preferring to keep such news under the radar. However, I feel we could learn from such a delivery of information to better protect organisations. Reporting hacks and scams in business tends to help protect other organisations, and working collaboratively helps us reduce the future risk. There are also some excellent resources out there in the form of online training packages. With the majority now working from home, it is even more vital to retrain the workforce.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Planned Parenthood LA breached, Experts Weigh In

Data Security Comment: Colorado Energy Company Loses 25 Years Of...

Colorado Energy Company DMEA Loses 25 Years Of Data After...

Governemnt Data Breach Of New Years Honours Recipients

New Malvertising Campaign Spreads Backdoors, Malicious Chrome Extensions

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Data Hacked For 400,000 LA Patients

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts