Transport for New South Wales (TfNSW) has confirmed it will be affected by the cyberattack on the Accellion-run file transfer system.
The Accellion system has been widely used to distribute and store files by organizations around the world, including NSW Transport, the government organization said Tuesday afternoon.
“Before the attack on Accellion servers was interrupted, some Transport for NSW information was taken,” it wrote.
TfNSW said Cyber Security NSW has conducted a state government investigation with the help of forensic experts.
“We are working closely with Cyber Security NSW to understand the impact of these breaches, including customer details,” it said.
It said the breach was limited to Accellion servers and no other TfNSW programs were affected, including those related to driver’s license details or Opal data.
“We recognize that data privacy is paramount and deeply regret that customers may be affected by this attack,” TfNSW said.
The Australian Securities and Investments Commission (ASIC) in January said one of its services was broken earlier this month in connection with the Accellion software used by the agency to transfer files and attachments.
Accellion was also used as a vector to break the Reserve Bank of New Zealand (RBNZ) early last month.
Accellion recently announced the end of its FTA product life after the software was hacked into a recent attack that has plagued many companies and government agencies around the world since December 2020.
The NSW government is not new to breaching notices. In April 2020, Service NSW, the country’s only one-nation service delivery store, encountered a cyber attack that reduced the knowledge of 186,000 customers.
After a four-month investigation that began in April, Service NSW said it had found that 738GB of data, with 3.8 million documents, had been stolen from 47 employees’ email accounts.
It was also revealed in September that details on the thousands of NSW driving license holders had been breached due to AWS’s last folder containing more than 100,000 images that had been accidentally left open.