Australian state transport agency hit by cyber attack

Sydney's skyline at dusk
(Image credit: Getty Images)

The Australian state of New South Wales’s (NSW) transport agency, Transport for NSW, revealed today that it had been impacted by a cyber attack in early April 2022.

The attack focused on the agency’s Authorised Inspection Scheme (AIS) online application system. This is a system that authorises examiners to inspect vehicles to meet safety requirements. To do this, users must input personal details like their name, phone number, email address, driver’s licence number, and date of birth.

During the incident, an unauthorised third party successfully accessed a small number of the application’s user accounts, stated Transport for NSW. It’s notifying affected examiners individually and providing options to help them avoid further impacts from the incident.

Additional security measures were put in place and monitoring of the application is continuing, although Transport for NSW didn’t reveal what new measures were introduced.

“We recognise that data privacy is paramount and deeply regret that customers may be affected by this attack,” Transport for NSW said. “Scammers may try to capitalise on these events. Customers should not respond to unsolicited phone calls, emails or text messages from anyone claiming to be from Transport for NSW related to any security matter.”

The attack comes a year after Transport for NSW was impacted by a cyber attack on Accellion’s file transfer system. In February 2021, it revealed that some Transport for NSW information was taken before the attack on Accellion servers was interrupted.

RELATED RESOURCE

The Total Economic Impact™ of Mimecast

Cost savings and business benefits enabled by using Mimecast with Microsoft 365

FREE DOWNLOAD

It wasn’t the only NSW agency impacted by the Accellion attack either, as NSW Health admitted in June 2021 that its patient data was breached too. Identity information and health-related personal information were both accessed in the attack and it notified patients whose data may have been accessed as a result.

This is despite the fact that the NSW government said in May last year that it was aiming to become a world leader in cyber security as part of a new economic strategy, including the launch of a Cyber Hub and a cyber security placement programme. It released a Cyber Security Strategy to create best practice and cyber resilience techniques that can be rolled out across the tech sector.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.