NSW Labor is demanding the state government notify more than 50,000 motorists whose licences were exposed through an unsecured cloud storage site.
The Shadow Minister for Better Public Services, Ms Sophie Cotsis, said, ‘There is no mandatory notification requirement for data breaches in NSW. That’s not good enough. Any drivers whose licence details have been exposed deserve to know what happened.’
The data breach means the names, addresses, dates of birth and driver licence numbers of 50,000 people have been available online, putting affected licence holders at increased risk of identity theft and fraud.
‘The NSW Government must explain how this happened and immediately notify people whose details have been exposed,’ Ms Cotsis said.
‘NSW Labor has requested an investigation of this data breach by the Information and Privacy Commissioners and the NSW Auditor-General.
‘We also expect this matter will be examined by a Parliamentary Inquiry into Cyber Security which was established earlier this month’.
The leak of more than 50,000 driver licences follows other cyber security incidents, including:
- In May 2020, cyber criminals compromised 47 Service NSW staff accounts, potentially exposing the private information of thousands of people in NSW.
- On Sunday, 21 June 2020, it was reported Transport for NSW had experienced a major system outage which was attributed to a malicious hack.
- In December 2019, the Auditor-General reported that 47 percent of NSW Government agencies are at ‘maturity level zero’ for use of eight essential cyber security strategies recommended by the Australian Cyber Security Centre.
- In November 2019, the Auditor-General reported there had been 3,324 data breaches across NSW Government agencies.
The NSW ALP have suggested that public sector agencies should be required to notify people who have been affected by serious privacy breaches.
‘Labor introduced a private member’s bill to achieve this, however the NSW Government voted it down in August 2019,’ said Ms Cotsis.