Investigations by Cyber Security NSW into an apparent data breach of scanned NSW driver licences has confirmed a commercial entity is responsible.
“The data referred to in media coverage has been exposed via a commercial entity and is understood to include scanned copies of driver licences collected directly by the commercial entity from its customers,” Cyber Security NSW Chief Cyber Security Officer Tony Chapman said.
“The information was not provided by, nor sourced from NSW Government agencies. We do not know how long this commercial entity had this data open for and we do not know whether anybody other than the security researcher quoted in media coverage has accessed the information.”
Cyber Security NSW has warned it is the responsibility of the commercial entity to investigate this matter and notify any customers if their data has in fact been breached.
“Amazon Web Services has so far not provided information on the identity of the commercial entity, nor the customers that may have been affected by the breach,” Mr Chapman said.
“There are mandatory reporting requirements under the Office of the Australian Information Commissioner that the commercial entity needs adhere to.
“Cyber Security NSW will continue to work with other organisations to seek more information about the commercial entity involved and encourage them to reach out to their customers if their information has been breached.”
Cyber Security NSW collaborates with government agencies, emergency management, law enforcement, the private sector and other jurisdictions to enhance whole-of-government cyber capability.
In July the Cyber Security Vulnerability Management Centre, operated by Cyber Security NSW, began operating in Bathurst. It provides the NSW Government with an increased awareness of vulnerabilities in internet-facing services and assets and is critical to early identification and remediation of known vulnerabilities.
Source: NSW Department of Customer Service