BUDGET REVEALS $7 MILLION COST OF SERVICE NSW CYBER ATTACK
A footnote buried in the NSW Budget has revealed the NSW Government expects to spend $7 million on legal bills as a results of a cyber attack on Service NSW.
In September this year, the NSW Government revealed cyber criminals had stolen 3.8 million documents relating to 186,000 people from Service NSW. The hack is believed to be the largest data breach in the history of NSW.
A footnote buried on page C – 2 of Budget Paper No. 1 (Budget Statement) states:
In April 2020, Service NSW alerted police and authorities to a cyber-attack that has potentially compromised customer information. Investigations into this matter are still ongoing however, Service NSW is expected to incur legal and investigation costs of approximately $7 million.
The head of Cyber Security NSW has stated the hack could have been avoided if Service NSW had used multifactor authentication for staff logins.
“The NSW Government’s failure to implement basic cyber security measures means $7 million has been wasted,” Shadow Minister for Better Public Services Sophie Cotsis said.
“The NSW Government could have used that $7 million to pay the salaries of 90 nurses or 100 teachers, but instead it has been spent on legal bills.
“The Government has tried to bury this cost by hiding it in a footnote.
“The $7 million cost revealed in this footnote only reflects legal and investigation costs for the NSW Government.
“The real cost of this cyber attack has been borne by the 186,000 people who have been forced to spend time protecting their identities in order to stop cyber criminals exploiting this stolen data.
“NSW Labor will keep asking questions about the true cost of this attack through a Parliamentary Inquiry into Cyber Security which is currently underway.”