Service NSW has revealed that hackers stole 738GB of its data.

Service NSW says the hackers behind an email compromise attack earlier this stole 3.8 million documents, including the personal information of 186,000 customers.

A total of 47 team members had their email accounts compromised.

But Service NSW has not yet notified affected customers, over four months after the breach took place.

The agency says it has reached the “final stages of analysis into the cyber-attack” and is “working to notify customers who had personal information in the breach”. 

“The investigation has taken four months and required a highly technical approach to identify the exact amount of customer information in the 3.8 million documents (738 gigabytes of data) stolen from the email accounts,” Service NSW said in an update.

“This rigorous first step surfaced about 500,000 documents which referenced personal information.

“We are now able to focus on providing the best advice for approximately 186,000 customers we’ve identified with data in the breach.”

Service NSW has described the email compromise as a “criminal attack” that is the subject of a “NSW Police investigation”.

“The cyber incident was a criminal attack. Cyber-attacks occur daily, and we are often able to intercept them. On this occasion we couldn’t stop the attack,” it said.

Affected customers will be notified using “personalised letters” offering support services “including individual case managers for complex circumstances”.