The Australian state of New South Wales’s (NSW) transport agency, Transport for NSW, revealed today that it had been impacted by a cyber attack in early April 2022.
The attack focused on the agency’s Authorised Inspection Scheme (AIS) online application system. This is a system that authorises examiners to inspect vehicles to meet safety requirements. To do this, users must input personal details like their name, phone number, email address, driver’s licence number, and date of birth.
During the incident, an unauthorised third party successfully accessed a small number of the application’s user accounts, stated Transport for NSW. It’s notifying affected examiners individually and providing options to help them avoid further impacts from the incident.
Additional security measures were put in place and monitoring of the application is continuing, although Transport for NSW didn’t reveal what new measures were introduced.
“We recognise that data privacy is paramount and deeply regret that customers may be affected by this attack,” Transport for NSW said. “Scammers may try to capitalise on these events. Customers should not respond to unsolicited phone calls, emails or text messages from anyone claiming to be from Transport for NSW related to any security matter.”
The attack comes a year after Transport for NSW was impacted by a cyber attack on Accellion’s file transfer system. In February 2021, it revealed that some Transport for NSW information was taken before the attack on Accellion servers was interrupted.
RELATED RESOURCE
The Total Economic Impact™ of Mimecast
Cost savings and business benefits enabled by using Mimecast with Microsoft 365
It wasn’t the only NSW agency impacted by the Accellion attack either, as NSW Health admitted in June 2021 that its patient data was breached too. Identity information and health-related personal information were both accessed in the attack and it notified patients whose data may have been accessed as a result.
This is despite the fact that the NSW government said in May last year that it was aiming to become a world leader in cyber security as part of a new economic strategy, including the launch of a Cyber Hub and a cyber security placement programme. It released a Cyber Security Strategy to create best practice and cyber resilience techniques that can be rolled out across the tech sector.
-
Latitude Financial's data policies questioned after more than 14 million records stolenNews Some of the data is from at least 2005 and includes customers’ name, address, and date of birth
-
Latitude hack now under state investigation as customers struggle to protect their accountsNews The cyber attack has affected around 330,000 customers, although the company has said this is likely to increase
-
IDCARE: Meet the cyber security charity shaping Australia and New Zealand's data breach responseCase Studies IDCARE is recruiting a reserve army to turbocharge the fightback against cyber crime not just in the region, but in the interests of victims all over the world
-
Australia commits to establishing second national cyber security agencyNews The country is still aiming to be the most cyber-secure country in the world by 2030
-
Medibank bleeds $26 million in cyber costs following hackNews The company believes this figure could rise to $45 million for the 2023 financial year
-
TikTok's two new European data centres to address data protection concernsNews The company is under pressure to prove its user data isn’t being accessed by the Chinese state
-
Cyber attack on Australia’s TPG Telecom affects 15,000 customersNews It is the third cyber attack on a major Australian telco since October
-
Telstra blames IT blunder for leak of 130,000 customer recordsNews Australia’s biggest telco said that the error was due to a mismanagement of databases and not a cyber attack
