Service NSW has apologised for a software bug that briefly allowed users to view each others’ information on the “My services” dashboard.
A Service NSW spokesperson told iTnews the issue was present between 1.20pm and 3pm on Monday, March 20.
“The problem was limited to the landing dashboard when customers logged in via the website. No issues were identified with the Service NSW mobile application,” the spokesperson said.
Service NSW said the issue may have impacted 3700 users, before the dashboard page was taken down.
“Service NSW can confirm the incident was not a cyber attack”, the spokesperson said.
Affected customers and the NSW Information and Privacy Commission were notified on the day of the incident, the spokesperson said.
“A review of the incident is continuing to ensure Service NSW has measures in place to prevent similar incidents.”
The issue became public knowledge when Twitter user Richard Nelson, @wabzqem, posted the email he received from Service NSW.
During the incident, a user might see someone else’s information from any linked service – which could include driver’s licenses, vehicle rego, various vouchers, senior card, and conveyancing licenses, according to the notification.
The linked information could include license numbers, names and addresses, compulsory third party insurance details, and more.
“You do not need to take any immediate action”, the email stated.
“We believe that any personal information available through your linked services was only available to another logged-in user for a short period of time and was not searchable.”
Source – https://www.itnews.com.au/news/bug-briefly-exposed-service-nsw-data-to-other-users-592907