The affected individual said they had also been caught in the Optus hack and had done everything possible to protect their information by various methods including changing passwords.
They had gone to Service NSW at Wallsend for new driver's licence number after the Lifestyle Solutions hack but were told it would not be done unless they were already a fraud victim.
"I'm trying to stop myself becoming the victim of fraud, but they don't make it easy," the person said.
A government response yesterday did not clarify the Wallsend advice but said anyone who believed they had been "the subject of identity theft or fraud should apply for a request for a new driver licence number".
The Lifestyle Solutions spokesperson said the Office of the Australian Information Commissioner and the Australian Cyber Security Centre had been notified of the breach and "we have continued to liaise with them in relation to the event".
"Upon discovery of the cyber event, we took immediate action to deactivate our affected systems, secure our IT environment, and engage leading external forensic IT and cyber security expert advisers to assist us in responding to the event, which included conducting a full investigation into what happened," the Lifestyle Solutions spokesperson said.
Asked about the time it took to tell those affected, Lifestyle Solutions said: "Regarding notification to affected individuals, it was necessary for us to carefully analyse the potentially affected dataset to understand exactly what information may have been affected and who it belonged to so that our notification to affected individuals was accurate and did not cause any undue alarm or distress. This type of detailed analysis takes time, and we have been mindful to ensure our process and notification was as thorough and accurate as possible."
Emails show Lifestyle Solutions telling those affected it had "no reason to believe or evidence to suggest that data has been or will be misused by the third party" that obtained the information.
But one person affected said that on the details Lifestyle Solutions had provided, there was no reason to believe the information would not be misused.
"Otherwise, why take it?" the impacted individual said.
The Office of the Australian Information Commissioner confirmed it had been notified of the incident by Lifestyle Solutions, but said confidentiality requirements meant it could only give limited responses. The office said it expected any organisation covered by the Privacy Act and responding to a data breach involving personal information to act quickly and to notify those affected "as soon as possible".
Sign up for our newsletter to stay up to date.