A significant data breach affecting the NSW Online Registry website has prompted a major investigation. Approximately 9,000 sensitive court files, including apprehended violence orders and affidavits, were accessed by a hacker. Authorities are working to determine the extent of the breach and what data was viewed.
The Website Data Breach and its Impact
The breach, discovered on Tuesday, involved the Department of Communities and Justice (DCJ)’s Online Registry. This secure platform provides access to information from both civil and criminal cases across the NSW court system. The compromised files were downloaded via the online public registry used for document uploads.
NSW Police launched Strike Force Pardey to investigate. Acting Superintendent Jason Smith confirmed that data potentially included information on apprehended violence orders and details of minors.
He stated, “If you have concerns about your safety as a result of this data breach you should contact your local police station.”
He also advised those concerned about identity document compromise to contact ID Support NSW.
The Investigation and Timeline
NSW Attorney-General Michael Daley stated that it will take approximately a week to determine precisely what data the hacker accessed and what actions were taken.
He explained, “What we don’t know yet is which files were actually accessed and what the hacker did with them, whether he or she just viewed them or downloaded and shared them.”
He further clarified that, as of Thursday morning, no compromised data had appeared on the dark web or elsewhere in the public domain.
The breach was identified during a routine security check, revealing unauthorized access to the system via a Python script. The DCJ swiftly shut down the compromised account and addressed the vulnerability, halting further unauthorized access. Mr. Daley emphasized, “As soon as they did that the hack stopped.”
The DCJ is contacting affected account holders to inform them of the situation and next steps. A spokesperson for the DCJ confirmed that, to their knowledge, none of the compromised data has been publicly shared.
They stated, “DCJ is working to urgently identify and contact affected users and will provide updates as more information becomes available.”
Key Details
- Affected System: NSW Online Registry (Department of Communities and Justice)
- Files Accessed: Approximately 9,000 sensitive court files, including apprehended violence orders and affidavits.
- Investigation Status: Ongoing, with a timeline of approximately one week to determine the extent of data compromise.
- Public Domain Data: No compromised data has been found in the public domain (dark web included).
- Action for Concerned Individuals: Contact local police for safety concerns or ID Support NSW for identity document concerns.
This ongoing investigation highlights the critical importance of robust cybersecurity measures for government agencies handling sensitive data. The NSW government is committed to fully investigating this incident and taking necessary steps to prevent future breaches.
