Incident: Bug briefly exposed Service NSW data to other users | iTnews
Australian State Government Cyber Incident, 04 April 2023
Bug briefly exposed Service NSW data to other users
‘technical issue’ may have exposed data of 3700 customers
Service NSW has apologised for a software bug that briefly allowed users to view each others’ information on the “My services” dashboard.
The agency said it believed the personal information available during the 94-minute window was not searchable and was isolated to the website.
Personal data – including driver’s licences, their children’s names and mobile phone numbers – may have been ‘exposed’
Service NSW said the issue may have impacted 3700 users, before the dashboard page was taken down.
“Service NSW can confirm the incident was not a cyber attack”, the spokesperson said.
Affected customers and the NSW Information and Privacy Commission were notified on the day of the incident, the spokesperson said.