Transport for NSW confirms data taken in Accellion breach
Transport for New South Wales (TfNSW) has confirmed being impacted by a cyber attack on a file transfer system owned by Accellion.
The Accellion system was widely used to share and store files by organisations around the world, including Transport for NSW, the government entity said on Tuesday afternoon.
“Before the attack on Accellion servers was interrupted, some Transport for NSW information was taken,” it wrote.
TfNSW said Cyber Security NSW is managing the state government investigation with the help of forensic specialists.
“We are working closely with Cyber Security NSW to understand the impact of the breach, including to customer data,” it said.
It said the breach was limited to Accellion servers and no other TfNSW systems have been affected, including those related to driver’s licence information or Opal data.
“We recognise that data privacy is paramount and deeply regret that customers may be affected by this attack,” TfNSW said.
The Australian Securities and Investments Commission (ASIC) in January said one of its servers was breached earlier in the month in relation to Accellion software used by the agency to transfer files and attachments.
Accellion was also used as the vector to breach the Reserve Bank of New Zealand (RBNZ) earlier last month.
Accellion recently announced the end-of-life for its FTA product after the software has been abused in recent attacks to breach many companies and government agencies across the world since December 2020.
The NSW government is not new to breach notifications. In April 2020, Service NSW, the state government’s one-stop shop for service delivery, experienced a cyber attack that compromised the information of 186,000 customers. Following a four-month investigation that began in April, Service NSW said it identified that 738GB of data, which comprised of 3.8 million documents, was stolen from 47 staff email accounts.
It was also revealed in September that information on thousands of NSW driver’s licence-holders was breached as a result of an AWS cloud storage folder that had over 100,000 images being mistakenly left open.