Transport for New South Wales (TfNSW) has confirmed being impacted by a cyber assault on a file switch system owned by Accellion.
The Accellion system was extensively used to share and retailer recordsdata by organisations world wide, together with Transport for NSW, the federal government entity stated on Tuesday afternoon.
“Earlier than the assault on Accellion servers was interrupted, some Transport for NSW info was taken,” it wrote.
TfNSW stated Cyber Safety NSW is managing the state authorities investigation with the assistance of forensic specialists.
“We’re working carefully with Cyber Safety NSW to grasp the impression of the breach, together with to buyer knowledge,” it stated.
It stated the breach was restricted to Accellion servers and no different TfNSW programs have been affected, together with these associated to driver’s licence info or Opal knowledge.
“We recognise that knowledge privateness is paramount and deeply remorse that prospects could also be affected by this assault,” TfNSW stated.
The Australian Securities and Investments Fee (ASIC) in January stated certainly one of its servers was breached earlier in the month in relation to Accellion software program utilized by the company to switch recordsdata and attachments.
Accellion was additionally used as the vector to breach the Reserve Financial institution of New Zealand (RBNZ) earlier final month.
Accellion not too long ago introduced the end-of-life for its FTA product after the software program has been abused in current assaults to breach many corporations and authorities businesses internationally since December 2020.
The NSW authorities shouldn’t be new to breach notifications. In April 2020, Service NSW, the state authorities’s one-stop store for service supply, experienced a cyber attack that compromised the knowledge of 186,000 prospects. Following a four-month investigation that started in April, Service NSW stated it recognized that 738GB of knowledge, which comprised of 3.8 million documents, was stolen from 47 employees e mail accounts.
It was additionally revealed in September that info on hundreds of NSW driver’s licence-holders was breached because of an AWS cloud storage folder that had over 100,000 photos being mistakenly left open.