Tens of thousands of people in NSW have had sensitive information leaked following a massive data breach involving driver’s licences.
More than 50,000 NSW residents have had their driver’s licences leaked in a massive data breach, exposing sensitive information including names, photos, dates of birth, and addresses.
Ukrainian security consultant, Bob Diachenko, accidentally uncovered the breach when looking into another incident.
According to the ABC, Diachenko described that the easily discoverable folder was left exposed in open cloud storage hosted by Amazon. The folder contained scans of the front and back of around 54,000 licenses, totalling 108,535 images, as well as tolling notices.
It’s not known how long the files were accessible for, yet the breach has left the data open to “malicious actors” who can “impersonate somebody and apply for credit, or do something on behalf of that person.”
“For example, you take one licence and connect the dots with one owner of this licence, with his or her emails exposed in another data breach and you’ve got more information on that person,” Diachenko described to the ABC.
If I pub or club ever asks to scan your licence to gain entry this is why you tell them to go fuck themselves and request to sign in manually. https://t.co/uKmZBPrNwu
— Wseries (@Wseries) August 28, 2020
NSW Transport has claimed that they are not responsible for the breach and indicated that it was linked to an unnamed commercial business. They are currently investigating the issue; however, they are yet to notify the tens of thousands of people who have been affected.
I don’t think it’s quite that clear cut – no “official” data was given – but I would agree that the NSW government should not allow its suppliers to hold license data for longer than is required to complete a transaction.
— 25 million people (@alang) August 31, 2020
