Service NSW data briefly exposed to other users due to bug.

Service NSW data briefly exposed to other users due to bug.

Service NSW Apologizes for Brief Software Bug that Exposed Users’ Information.

 

Service NSW has issued an apology after a software bug briefly allowed users to view other users’ information on the “My services” dashboard. A spokesperson for Service NSW has confirmed that the issue was present on Monday, March 20, between 1:20 pm and 3:00 pm. The problem was limited to the landing dashboard when customers logged in via the website, with no issues identified with the Service NSW mobile application. The spokesperson stated that the issue may have impacted roughly 3700 users before the dashboard page was taken down.

 

The spokesperson went on to confirm that the incident was not a cyber attack, and that affected customers and the NSW Information and Privacy Commission were notified on the day of the incident. A review of the incident is ongoing to ensure that Service NSW has measures in place to prevent similar incidents in the future.

 

The issue first came to light when Twitter user Richard Nelson (@wabzqem) posted the email he received from Service NSW. During the incident, users could see someone else’s information from any linked service, which could include driver’s licenses, vehicle registration, various vouchers, senior card, and conveyancing licenses, according to the notification. The linked information could include license numbers, names and addresses, compulsory third-party insurance details, and more.

 

The email sent to affected users stated that they did not need to take any immediate action. The service believes that any personal information available through linked services was only available to another logged-in user for a short period of time and was not searchable.

 

Service NSW has apologized for any inconvenience caused and will continue to keep users informed of any developments.