Privacy Commissioner Statement on the Service NSW cyber incident - December 2020


The Privacy Commissioner has received further updates from the Department of Customer Service regarding the data breach resulting from a cyber incident earlier this year and the actions being taken by Service NSW to notify and support customers affected by the breach.

Service NSW has advised the Privacy Commissioner that the ongoing investigation into the breach has identified that the scope of data accessed by the cyber attackers was not as significant as initially believed.

The initial investigation into the breach estimated that 186,000 people were affected by the breach. That figure has now been revised downwards, with 80,000 less people now believed to have been affected.

Service NSW has advised that this new information means that some 25,000 people have been incorrectly notified about the breach. Service NSW is now in the process of sending letters to customers who were incorrectly notified to provide them with updated information about the breach.  

Support for people affected by the breach is available through the Service NSW Hypercare team, as well as through IDCare, which is Australia & New Zealand's national identity and cyber support service. Details about how to access the Hypercare and IDCare services are available in the letter sent to each individual to notify them of the breach.

The Privacy Commissioner will continue to provide advice and assistance to Service NSW in relation to the privacy impacts arising from the incident, in order to provide the best outcomes for people affected.


For further information, please contact:

IPC media team on 0435 961 691 or email

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent statutory authority that administers New South Wales’ legislation dealing with privacy and access to government information. The IPC supports the Information Commissioner and the Privacy Commissioner in fulfilling their legislative responsibilities and functions and to ensure individuals and agencies can access consistent information, guidance and coordinated training about information access and privacy matters.

About the NSW Privacy Commissioner

Samantha Gavel was appointed as NSW Privacy Commissioner on 4 September 2017. Her role is to promote public awareness and understanding of privacy rights in NSW, as well as provide information, support, advice and assistance to agencies and the general public.

For further information about the IPC visit our website at

Download a copy of the statement here.

Please note since June 2021, the IPC media team email address has changed. Please send all media enquiries to All emails sent to the old CCA Digital address will be forwarded to the new address until switch over completion in December 2021.