News and media releases

Service NSW cyber incident

07 September 2020

Earlier this year Service NSW was the target of a malicious phishing attack. Data held within the email accounts of 47 Service NSW staff members was illegally accessed.

Service NSW has been working closely with forensic specialists, the police and relevant NSW and federal cyber security agencies, along with the NSW Information and Privacy Commission.

Now, Service NSW is communicating with affected individuals with detailed and tailored advice and support.

The distribution of notification letters will be done via Registered Australia Post which customers will need to show ID and sign for. These start this week (from 8 September) and are expected to be complete by December. Service NSW will go above and beyond its legal obligations and notify as many as people as possible based on assessment of harm and the data review. Customers identified by this breach will be notified by registered mail because it’s a secure, trusted method.

For more information please visit the Service NSW website.