NSW delivers on key cyber breach recovery commitment


In an Australian first partnership deal, the NSW Government has teamed with identity recovery service IDCARE to provide support to customers impacted by cyber breaches targeting public agencies.

The launch of the whole-of-government digital ID recovery service, developed by not-for-profit identity and cyber support service IDCARE, marks the NSW Government’s first tangible step to meeting a core commitment from its 2018 Cyber Security Strategy – namely, to support customers whose identities have been compromised as a result of a cyber breach.  
The partnership deal will provide all NSW Government departments, agencies and customers with direct access to IDCARE’s data recovery and support service. 
IDCARE bills itself “a human-centred” assistance service, connecting members of the public affected by digital breach incidents to its own specialist identity and cybersecurity counsellors and analysts. 
The service is equipped to support customers impacted by a number of identity and cybersecurity incidents, including identity theft, hacking, phishing, telephone scams, romance scams, investment scams, data breaches, ransomware, and lost or stolen credentials. 
In addition to its post-breach activity, IDCARE says it can also assist individuals and organisations to boost cyber resilience, offering guidance to address deficiencies and vulnerabilities in cybersecurity postures. 
As part of an initial funding arrangement for IDCARE, NSW Government departments and agencies will be limited to 500 individual referrals to its service, “to be used as required”. It is not known whether an option to extend this limit has been negotiated.  
NSW Chief Cyber Security Officer Tony Chapman said that the arrangement would provide “a very practical and meaningful way the NSW Government can support customers impacted by scams, identity crimes and cybercrimes.” 
IDCARE managing director, David Lacey, praised the Government’s ready embrace of the recovery program. 
“The NSW Government has shown great leadership in responding to the needs of those impacted. Connecting impacted residents to IDCARE quickly can make a real difference to the harm they experience online, the exposure they have to other crimes, and the timeliness of their response efforts,” Professor Lacey said. 
So far this year, the NSW Information and Privacy Commission has received notice of 49 separate breach incident from public sector institutions, provided as part of the state’s Voluntary Data Breach Notification scheme. Nearly four out of five of these breach incidents have directly impacted the state government.
Agencies or departments may access the IDCARE Identity Recovery Service by contacting cybersecurity@finance.nsw.gov.au