Unnamed company blamed for NSW driver's licence leak


By Dylan Bushell-Embling
Thursday, 03 September, 2020

Unnamed company blamed for NSW driver's licence leak

Cyber Security NSW has confirmed a data breach involving around 54,000 driver's licences being leaked online, blaming an unnamed commercial entity.

ABC News reported yesterday that a storage folder on AWS containing over 100,000 images including front and back scans of NSW licences had been discovered by a security researcher in an easily discoverable public-facing folder.

The leaked images revealed names, photos, dates of birth and addresses of drivers, making it a potentially serious data leak.

Transport for NSW had denied that the collection of files involved in the leak was related to any government system, an assertion Cyber Security NSW has now confirmed.

“The data referred to in media coverage has been exposed via a commercial entity and is understood to include scanned copies of driver licences collected directly by the commercial entity from its customers,” Cyber Security NSW Chief Cyber Security Officer Tony Chapman said.

“The information was not provided by, nor sourced from NSW Government agencies. We do not know how long this commercial entity had this data open for and we do not know whether anybody other than the security researcher quoted in media coverage has accessed the information.”

According to the agency, it is the responsibility of the commercial entity to investigate the leak and notify any customers if their data has in fact been breached.

“Amazon Web Services has so far not provided information on the identity of the commercial entity, nor the customers that may have been affected by the breach,” Chapman said.

“There are mandatory reporting requirements under the Office of the Australian Information Commissioner that the commercial entity needs adhere to.”

Chapman added that Cyber Security NSW will continue to work with other organisations to seek more information about the commercial entity involved and encourage them to meet their disclosure obligations.

These organisations could include government agencies, emergency management, law enforcement and members of the private sector.

According to reports, the Australian Cyber Security Centre is also on the case and had contacted Amazon to have the data taken offline within hours of being alerted.

Image credit: ©stock.adobe.com/au/kichigin19

Related Articles

Secure-by-design software development for digital innovation

The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...

Bolstering AI-powered cybersecurity in the face of increasing threats

The escalation of complex cyber risks is becoming a pressing issue for those in business...

How attackers are weaponising GenAI through data poisoning and manipulation

The possibility for shared large language models to be manipulated through data poisoning...

Content from other channels on our network

The fire on Marley's Hill

Sanctions on Hytera halted by appeals court

MXene-based compound to enable 3D-printed antennas

Long-range drones used to surveil bushfires in NSW

Luxembourg DoD adds satcom ground infrastructure

Department of Agriculture modernises TAMS system

SA Water revamping spend management platform

Cobalt Iron nabs EU patents for security techniques

New online resource to support employment of ex-service people

Good evidence confuses ChatGPT when used for health information: study

Monash University home to three electron microscopes

Hidden semiconductor activity spotted by researchers

Researchers develop programmable photonic processor

UV broadband spectrometer enhances air pollutant analysis

Novel material improves stability, efficiency of PSCs

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd