Oh jeez: more than 54,000 NSW driver’s licences exposed in data breach

Tens of thousands of people in NSW have had sensitive information leaked following a massive data breach involving driver’s licences.

More than 50,000 NSW residents have had their driver’s licences leaked in a massive data breach, exposing sensitive information including names, photos, dates of birth, and addresses.

Ukrainian security consultant, Bob Diachenko, accidentally uncovered the breach when looking into another incident.

nsw driver's licence breach
Photo: NSW Government

According to the ABC, Diachenko described that the easily discoverable folder was left exposed in open cloud storage hosted by Amazon. The folder contained scans of the front and back of around 54,000 licenses, totalling 108,535 images, as well as tolling notices.

It’s not known how long the files were accessible for, yet the breach has left the data open to “malicious actors” who can “impersonate somebody and apply for credit, or do something on behalf of that person.”

“For example, you take one licence and connect the dots with one owner of this licence, with his or her emails exposed in another data breach and you’ve got more information on that person,” Diachenko described to the ABC.

NSW Transport has claimed that they are not responsible for the breach and indicated that it was linked to an unnamed commercial business. They are currently investigating the issue; however, they are yet to notify the tens of thousands of people who have been affected.