Transport for NSW affected by Accellion breach


By Dylan Bushell-Embling
Friday, 26 February, 2021

Transport for NSW affected by Accellion breach

Transport for NSW has warned it has been caught up in the cyber attack on a file transfer system operated by secure file sharing company Accellion.

The compromise of the Accellion system in December led to some Transport for NSW information being stolen by the attackers, the agency warned.

An ongoing forensic investigation has determined that the breach was limited to Accellion servers and no other Transport for NSW systems have been affected, including any driver’s licence information.

But the extent of the breach is still being determined, with the investigation focused on identifying risks to customer information. The agency said it plans to ensure that any notification process for those affected will be clearly communicated and secure.

“We recognise that data privacy is paramount and deeply regret that customers may be affected by this attack,” the agency said in an advisory.

“Cyber Security NSW is managing the NSW Government investigation with the help of forensic specialists. We are working closely with Cyber Security NSW to understand the impact of the breach, including to customer data.”

The agency warned that scammers may seek to capitalise on the compromised information. “Customers should not respond to unsolicited phone calls, emails or text messages from anyone claiming to be Transport for NSW related to any security matter,” the advisory states.

Auth0 GM for APAC Richard Marr said a number of Australian organisations have been subjected to attacks since the emergence of the Accellion data breach in December.

“As public users and consumers give more of themselves away online to access digital services, they expect that their data is safe. With the complexity of today’s attacks, one tactic alone is not enough,” he said.

“As credential-related attacks rise, it is up to organisations to prioritise cybersecurity awareness training, utilise password managers and multi-factor authentication, invest in proactive threat detection, [and] look for customisable security solutions.”

Image credit: ©stock.adobe.com/au/HPW

Related Articles

Emergency onboarding: what to do before and after a data breach

Organisations that have an emergency onboarding plan are better positioned to have their business...

Savvy directors are demanding more points of proof when cyber incidents occur

Pre-agreement on what a post-incident forensics effort should produce — and testing it out...

Cyber-attack prevention is better than a cure

Corporate and political decision-makers need to invest in areas that do a better job of...

Content from other channels on our network

Breakfast event to explore connectivity for emergency response

High-frequency operation in a dynamic metasurface antenna

Teltronic and Crosscall agree to integrate their solutions

Global 5G connections reached 1.76 billion in 2023

AceComms partners with Hitachi Energy on industrial internet

Why SEHO Selective Systems are changing the way manufacturers solder boards using through hole designs

Eco-friendly battery for low-income countries

Unravelling the mystery of slow electrons

Laser tech used to develop deformable energy storage device

Laser printing on fallen tree leaves produces sensors for medical and laboratory use

GovTEAMS: boosting the efficiency of government and its suppliers

Report exposes unique cybersecurity threats in the public sector

Optimising the value of AI in the public sector

Why SBOMs are critical in the fight against software supply chain attacks

Elastic announces AI-driven attack discovery feature

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd