NSW in licence leak fight
The NSW Government is in a standoff with Amazon over a driver's licence data breach.
Front and back scans of tens of thousands of NSW driver's licences which included full names, addresses and dates of birth have been discovered among documents discovered by a security consultant in Ukraine on an accessible server hosted by Amazon.
The NSW Government has been slammed for the apparent breach, and further criticised for not notifying NSW drivers that their personal details have been exposed.
Service NSW says it is working with third-party organisations to identify the owner of the Amazon Web Service (AWS) ‘bucket’ which hosted the documents.
The government agency says the tech giant is not playing along.
“AWS currently won't disclose the name of the entity, but have confirmed it is a commercial entity,” a Cyber Security NSW spokesperson said this week.
Cyber Security NSW says it is trying to make the commercial entity aware “of its responsibilities to report and remediate any breach”.
“We do not know how long this commercial entity had this data open for,” said Cyber Security NSW chief security officer Tony Chapman.
“We do not know whether anybody other than the security researcher quoted in media coverage has accessed the information.”
Reports say the Amazon customer most likely misconfigured the default privacy settings on their cloud service.
The NSW Government is being pushed to notify any customers whose details were in the cloud directory, but Service NSW says this is Amazon’s responsibility.