Service NSW has issued an email to 3700 users who logged into their system on the 20th of March between 1:20pm and 2:54pm. The email informs them that their details may have been leaked.
To begin with the timing is strange. It is very unusual to start at 1:20pm as it is typically standard practice to not make a change to code or system during busy hours. So, why did they make an update at this time?
Furthermore the change exposed sensitive details for others logged in, which sounds like a major change (authentication change) to perform in the middle of the day.
An image of the notification email is below:
Contact our team of experts at Vertex Cyber Security for assistance with all your cyber security needs.