NEWS

National News

Cyber breach clean-up expected to hit $7m

A cyber attack on NSW government employee email accounts that exposed the data of 186,000 people earlier this year is expected to cost the state $7 million.

Service NSW launched an investigation on April 22 after discovering a possible breach and found the email accounts of 47 staff had been illegally accessed.

The agency is the main customer service hub of the state government, and is responsible for managing drivers' licences, firearm registrations, births, deaths and marriage records and more.

About 500,000 documents relating to 186,000 customers were affected in the breach.

A footnote in the state budget handed down on Tuesday revealed the cyber attack is forecast to leave a multimillion dollar hole in the state's coffers.

"Investigations into this matter are still ongoing however, Service NSW is expected to incur legal and investigation costs of approximately $7 million," it reads.

Opposition public service spokeswoman Sophie Cotsis says it is the largest data breach in NSW history and could have been easily avoided.

"The NSW Government's failure to implement basic cyber security measures means $7 million has been wasted," Ms Cotsis said.

The state's Chief Cyber Security Officer Tony Chapman in September said over half of the cyber breaches that occurred in NSW government agencies in 2019 could have been prevented by multi-factor authentication.

Multi-factor authentication requires anyone logging in to an account from an unrecognised device to verify their identity in addition to their password.

"The NSW Government could have used that $7 million to pay the salaries of 90 nurses or 100 teachers, but instead it has been spent on legal bills," Ms Cotsis said.

"The real cost of this cyber attack has been borne by the 186,000 people who have been forced to spend time protecting their identities in order to stop cyber criminals exploiting this stolen data."

There is no evidence that individual MyServiceNSW account data or Service NSW databases were compromised in the breach.

© AAP 2020