Transport for NSW has confirmed it had data stolen in a global attack on the Accellion file transfer system earlier this year and is working with the state’s cyber security agency to investigate the extent of the breach.
The California cloud company confirmed in February that it was the target of a “sophisticated cyber attack” on the file sharing system that affected customers around the world over December and January.
“Before the attack on Accellion servers was interrupted, some Transport for NSW information was taken,” Transport for NSW said in a statement on Wednesday.
“We are working closely with Cyber Security NSW to understand the impact of the breach, including to customer data.”
NSW Health also affected
Cyber Security NSW says it learned of vulnerabilities in the system in January. It confirmed during a parliamentary inquiry earlier this month that NSW Health was also affected by the breach.
“Cyber Security NSW is coordinating a whole-of-government response with potentially impacted agencies. We are working with forensic specialists as well as Accellion to determine the extent of potential impact, and that is ongoing,” Chief cyber security officer Tony Chapman told the Inquiry into Cybersecurity on February 3.
Cyber Security NSW said in a statement on Wednesday that “an assessment of the volume and value of data, and any consequences for customers or government” is underway.
TfNSW says the breach was limited to Accellion servers and no other Transport for NSW systems have been affected, including systems related to driver licence information or Opal data.
The NSW government has retired Accellion FTA as part of a “centralised” response, Cyber Security NSW says.
Comment below to have your say on this story.
If you have a news story or tip-off, get in touch at firstname.lastname@example.org.
Sign up to the Government News newsletter