The departments for transport and cyber security in Australia’s biggest state are investigating how tens of thousands of people had images of their driver’s licence leaked online, and have so far blamed a private company for the breach.
A cache of more than 108,000 images showing the front and backs of NSW driver’s licences was freely available on an Amazon cloud server according to the Ukrainian security consultant that stumbled upon them, Bob Diachenko.
He told the ABC the licences and tolling notices that were on the server represented a “dangerous exposure”.
RELATED: Official caught in Zoom sex scandal
RELATED: ‘Mess’ not even Google understand
RELATED: ‘Who are you?’: Students sent porn
The photos contained names, addresses, birth dates and other sensitive information, which Mr Diachenko said could be combined with other information such as a compromised email address to steal someone’s identity.
The data could also command a high price on the black market.
Transport for NSW told the ABC it “does not retain, nor collect tolling data in the manner described”, while the NSW Privacy Commissioner blamed a commercial business and said it was not associated with the NSW government or any of its agencies.
Amazon reportedly removed the data cache after being contacted by the Australian Cyber Security Centre.
Microsoft regional director and creator of an online tool that tells you whether your email account details have been compromised in a data breach Troy Hunt said it was “worrying to not have an official response” last week, and told the ABC licenceholders should have been notified.
In May, Service NSW was targeted, with 47 employee accounts being hacked.