No passwords, banking records, credit or debit card numbers, financial records, government identifiers or health records were accessed during a cyberattack on the NSW Department of Education.
Education Department Secretary Georgina Harrisson said an investigation into last year's attack had concluded the data taken was limited to personal information such as names and email addresses.
The department's robust cyber security measures meant the attack was quickly spotted and immediate steps were taken to block it.
The department worked with the Australian Cyber Security Centre, the NSW Information and Privacy Commissioner, and the NSW Police to investigate the attack.
"We acknowledge the seriousness of this incident and apologise for the distress that the incident may have caused," Ms Harrisson said on Monday.
The department had established the necessary support services prior to notifying anyone affected.
People affected by the breach will be notified by the department and given access to advice and support from an external specialist identity protection agency.