What happened
In March–April 2020 a phishing attack compromised 47 Service NSW staff email accounts, exposing personal information belonging to around 104,000 customers held within those mailboxes [servicensw]. The NSW Auditor-General later examined the agency’s handling of the incident.
Timeline
- 2020-04 — Staff email accounts compromised via phishing [servicensw].
- 2020-09 — Public disclosure; ~104,000 customers affected [servicensw].
Current status
Resolved, with remediation and an Auditor-General review. [servicensw]
Why it matters
A reminder that a handful of phished mailboxes can expose large volumes of citizens’ data held in everyday email.