<?xml version="1.0" encoding="ISO-8859-1"?> <docID>341214</docID> <postdate>2025-03-27 15:54:08</postdate> <headline>Cyber detectives scour court system breach for leaks</headline> <body><p><img class=" wp-image-341215" src="https://citynews.com.au/wp-content/uploads/2025/03/20130916000790657056-original-1-scaled.jpg" alt="" width="1075" height="715" /></p> <caption>It's believed more than 9000 files have been accessed in a NSW court system data breach. (Dan Peled/AAP PHOTOS)</caption> <p class="wire-column__preview__author"><span class="kicker-line">By <b>Luke Costin</b> in Sydney</span></p> <p><strong>Officials are scrambling to work out what sensitive personal details have been exposed by a data breach involving Australia's largest online court-filing system.</strong></p> <p>NSW JusticeLink allows lawyers, police and businesses to upload sworn statements, identity information and other files for the 400,000-plus court cases filed each year.</p> <p>But the government revealed on Thursday an account had used automation to download more than 9000 files before being booted from the system.</p> <p>Work was ongoing to discover what information leaked out of the system and whether victims of crimes had been put in any danger.</p> <p>Justice department officials blocked the account almost immediately after the incident last week, and spent the weekend analysing the extent of the unlawful access before police were notified on Tuesday.</p> <p>Inquiries into the user's identity, what files were accessed and whether the account was compromised are all ongoing.</p> <p>"Cyber criminals routinely gain access to other people's credentials and accounts to gain access to systems," Cybercrime Squad commander Jason Smith said.</p> <p>"At this point in time, we just simply don't know (how it happened)."</p> <p>Detective Chief Inspector Smith would not speculate on whether domestic violence victims and other vulnerable people involved in the court system were caught up in the breach.</p> <p>But he suggested people take precautions, including by contacting local police and ID Support NSW.</p> <p>Attorney-General Michael Daley warned it would likely take a week before investigators knew "exactly what has happened with those files and the exact nature of the data that was viewed by the hacker".</p> <p>"The important thing is the government's taking this seriously, because this is a system that stores public data securely," he said.</p> <p>Digital forensics expert Andrew Collins said officials would be "scrambling internally, pulling logs and so forth" in an attempt to work out what went on.</p> <p>Based on the limited information available, he suspected the account in question had been compromised either through techniques known as phishing, spear phishing or through a weak password.</p> <p>"There is about 4000 of these (data breaches) a year and most of them don't get broadcast so good on the government for coming clean," he told AAP.</p> <p>The former long-time healthcare and government tech executive emphasised the need for people to turn on multi-factor authentication on every digital account to keep nefarious people out.</p> <p>"Without multi-factor, you're just waiting to be hacked," Mr Collins said.</p> <p>A system patch to prevent similar incidents was pushed through on Wednesday night.</p> <p>The breach comes after 3.8 million documents held on government portal Service NSW were illegally accessed in 2020.</p> <p>That hack, affecting up to 186,000 people, involved 47 staff email accounts without multi-factor authentication being compromised through phishing attacks.</p> <p>Australian Parliament House networks were breached by a malicious state actor, likely China, in another sophisticated phishing attack in 2019.</p> </body>