The NSW Department of Education has now completed a comprehensive forensic analysis of the cyberattack against its servers in July 2021 and is now preparing to notify affected people.
NSW Department of Education Secretary Georgina Harrisson confirmed no passwords, banking records, credit/debit card numbers, financial records, government identifiers or health records were accessed in the attack.
"Based on this investigation, the data taken in the attack was limited to personal information such as names and email addresses," Ms Harrisson said.
"Thanks to the robust cyber security measures required of all NSW government departments, the Department of Education was able to spot the attack unfolding and take immediate steps to block it.
"The department has been working with the Australian Cyber Security Centre, the NSW Information and Privacy Commissioner, and the NSW Police to investigate the attack.
"We acknowledge the seriousness of this incident and apologise for the distress that the incident may have caused."
The Department has now established the necessary support services prior to notifying affected persons.
If a person receives a notification from the department, they have been affected by the breach.
Affected persons will be able to access individual advice and support from an external specialist identity protection agency.
If a person does not receive a notification, they do not need to take any further action regarding this incident.
