Got Letter from NSW Government That My Private Info Was Leaked in a Cyberattack - Can I Take Further Action?

I recently got a letter from the NSW Government Department of Education saying that my personal information was leaked in a cyberattack. This coincides with my email inbox getting spammed - can I take further action, like compensation etc.?


Comments

  • +7

    Compensation from whom?

    • +6

      Tim Berners-Lee

    • Al Gore

      • +1

        You're not being cereal.

    • The spammers

    • It's pretty obvious to either upgrade SPAM filters or change email address

      Other than that, you can try to sue for $10 million but it will cost $2M in legal fees so if you lose, tough luck

  • +47

    Yes. You are entitled to compensation

    • +1

      Not sure what you could claim for spam damage: Eggs?

      It is now up to you to prove an impact. The law will not help you unless you can quantify what the Internet does with your details from this point on, and that it was the stooopid edu dept that leaked it.

      It's a low blow, and a high bar, and confirms your position in Oz society as a truly mineable resource.

      • Also need to prove without doubt that the SPAM was the result of the leaked information

        Could have been due to OP's own actions (LOL)

  • +16

    You are 100% entitled to wave your fist at a cloud…

  • +1

    You have to fight a lengthy battle just to get compensated when the state does something that costs you an arm. Why would they just compensate you for this?

  • +1

    Private info is not private anymore. If it’s in the cloud, consider it public knowledge.

  • Are you an employee? If so, consult a lawyer. If not, probably not.

  • Speak with your union rep.

  • Wait what?
    People trust 'government' with their private information now?

    geez….

  • +2

    wasn't it just details like names and addresses?
    what financial loss or suffering have you suffered since this data breach 8+ months ago that you feel should be compensated for?

  • -2

    Opsec don't keep personal data and/or information online.

    • +4

      These were staff or students who have logins for NSW education.

      Feel free to propose how NSW education should operate without knowing their staff's or students' names, email addresses and physical mailing addresses.

      Opsec, live in a cave or propose unrealistic public/private key solutions for every single data interaction like it's an actual solution.

      Calling the roll in rektrading school -
      Teacher:"3LYJfcfHPXYJreMsASk2jkn69LWEYKzexb?"
      Student: "here….."

      • That's a shame.

        Centralized networks are designed to get hacked. It was only a matter of time before someone found the weakest point in the Edu server.

        • That's a shame.
          Centralized networks are designed to get hacked

          in no different a way to a decentralised network.
          Store and manage your data and processes in one spot, vs store and manage your data and processes across multiple spots.
          (and no, this is not a 'decentralised blockchain' solves this problem kind of issue…)

          NSW Edu is a department and therefore already 'centralised'…

          NSW Edu still needs to be able to
          - Notify staff and students via email of issues - so therefore needs to know people's emails
          - Know where staff live for payroll, and students live for zoning - therefore need to know people's addresses
          - Know their names

          No banking, password or other usually encrypted information was breached, so one would assume NSW Edu did an acceptable job of securing and encrypting such data.

          None of these breached 'secrets' would be fixed by decentralised networks, public/private cryptography and providing NSW edu with only your private key, or managing all your own data and only providing it to NSW Edu at 'interaction' time by signing a private/public transaction, or by splitting secret data across a decentralised network (that would still need to be NSW edu controlled)

          • +1

            @SBOB: I don’t think you know much about cyber security… some of the words are correct, but used incorrectly or in the wrong context. The rest is nonsense.

            • @djsweet:

              don’t think you know much about cyber security

              Agree to disagree

              Definitely wrote private key incorrectly in one case from a quick skim.
              Can't be bothered re-proofreading the rest now to correct any other errors in my quickly typed out earlier response.

              But whatever... centralised servers are made to be hacked, decentralised systems solve all the world's problems

  • +5

    Post the leaked info here for an accurate valuation….

  • +1

    See the SA Govt hack for precedent. You won't like the outcome.

    • +1

      Thanks for the tip.

      Personal details of nearly 80,000 South Australian public sector workers accessed in cyber attack, government confirms
      Posted Tue 14 Dec 2021 at 6:22pm
      https://www.abc.net.au/news/2021-12-14/sa-government-confirm…

      They spend $100,000s of taxpayer money on cyber security every year and still manage to fail to keep the data secure.

      • +2

        They spend it, but not on keeping data secure. That would require them to spend effort on making existing, and new data secure. Instead they just "have a go" at securing existing data. Almost everything else carries on unchanged; so data shared far and wide, by default, negligence, accident, and worse.

      • +1

        $100k is literally a drop in the ocean…
        a single info sec person's wage would be more than that, and yearly compliance checks and reports and audits will cost a fair bit for the size of SA gov too.

  • -1

    BuT I AM EnTiTLed to those CoMpEnSaTiOn DoLLaRs from the GuVmEnT coz they have LoTs Of MoNeY!!!

  • And they want everyone to switch to digital ID. With identity theft, the thieves can take everything.

    • Digital ID works if they use the right network. A network that requires the user to approve the sharing of data and can revoke when they don't want to share.

  • Can I take further action…?
    Well, the hackers now have details such as your address.
    Combine that with details from your Facebook page like your date of birth and they have low hanging fruit ripe for the plucking.
    So tighten up your security all round. Change all your passwords, use 18 digit passwords, different for every site that you use, you will need a password manager to handle this. And 2FA wherever you can use it, or apps like Authenticator.
    Take some personal responsibility for your cybersecurity instead of bleating about compensation.
