By Luke Costin in Sydney

Officials are scrambling to work out what sensitive personal details have been exposed by a data breach involving Australia’s largest online court-filing system.

NSW JusticeLink allows lawyers, police and businesses to upload sworn statements, identity information and other files for the 400,000-plus court cases filed each year.

But the government revealed on Thursday an account had used automation to download more than 9000 files before being booted from the system.

Work was ongoing to discover what information leaked out of the system and whether victims of crimes had been put in any danger.

Justice department officials blocked the account almost immediately after the incident last week, and spent the weekend analysing the extent of the unlawful access before police were notified on Tuesday.

Inquiries into the user’s identity, what files were accessed and whether the account was compromised are all ongoing.

“Cyber criminals routinely gain access to other people’s credentials and accounts to gain access to systems,” Cybercrime Squad commander Jason Smith said.

“At this point in time, we just simply don’t know (how it happened).”

Detective Chief Inspector Smith would not speculate on whether domestic violence victims and other vulnerable people involved in the court system were caught up in the breach.

But he suggested people take precautions, including by contacting local police and ID Support NSW.

Attorney-General Michael Daley warned it would likely take a week before investigators knew “exactly what has happened with those files and the exact nature of the data that was viewed by the hacker”.

“The important thing is the government’s taking this seriously, because this is a system that stores public data securely,” he said.

Digital forensics expert Andrew Collins said officials would be “scrambling internally, pulling logs and so forth” in an attempt to work out what went on.

Based on the limited information available, he suspected the account in question had been compromised either through techniques known as phishing, spear phishing or through a weak password.

“There is about 4000 of these (data breaches) a year and most of them don’t get broadcast so good on the government for coming clean,” he told AAP.

The former long-time healthcare and government tech executive emphasised the need for people to turn on multi-factor authentication on every digital account to keep nefarious people out.

“Without multi-factor, you’re just waiting to be hacked,” Mr Collins said.

A system patch to prevent similar incidents was pushed through on Wednesday night.

The breach comes after 3.8 million documents held on government portal Service NSW were illegally accessed in 2020.

That hack, affecting up to 186,000 people, involved 47 staff email accounts without multi-factor authentication being compromised through phishing attacks.

Australian Parliament House networks were breached by a malicious state actor, likely China, in another sophisticated phishing attack in 2019.