As of today, over 54,000 licences in NSW have been leaked through a data breach, and for the first time in months, I wish I lived in Melbourne.
NSW Transport is reportedly yet to alert tens of thousands of people who have been affected by this breach, which involved full driver’s licences being mistakenly left exposed in open cloud storage for anyone to see.
This open cache was discovered sometime last week by Ukrainian security consultant Bob Diachenko who stumbled upon the records while investigating another data breach.
According to Diachenko, the storage folder was easily discoverable and contained pictures of the back and fronts of NSW licenses. Essentially, 108,555 images were stored on the cloud, which means around 54,000 licences.
“A malicious actor can impersonate somebody and apply for credit, or do something on behalf of that person,” Diachenko said to ABC News.
“For example, you take one licence and connect the dots with one owner of this licence, with his or her emails exposed in another data breach and you’ve got more information on that person.”
It is, as of yet, a mystery as to how these licences became breached in the first place. The office of the NSW Privacy Commissioner, which is in charge of monitoring all data breaches within State Gov. departments reported that the data was linked to an unnamed private business.
This issue is currently under investigation thanks to the help of NSW Transport.
