TfNSW hit by another data breach

Transport for NSW has been hit by another data breach, less than a year after the Auditor-General delivered a report into the department’s cyber security problems.

The department revealed last week that its Authorised Inspection Scheme (AIS) online application was impacted by a cyber-incident in early April.

“During the incident, an unauthorised third party successfully accessed a small number of the application’s user accounts,” TfNSW said in a statement.

“Additional security measures were put in place and monitoring of the application is continuing.”

AIS is a system that allows examiners to inspect vehicles to ensure they meet a minimum safety standard. Inspections are carried out for various reasons, the most common being annual renewal or transfer of registration.

TfNSW is notifying affected examiners and providing options to help them avoid further impacts from the incident.

“We recognise that data privacy is paramount and deeply regret that customers may be affected by this attack,” the department said.

‘Significant’ cyber security risks

In February last year, TfNSW was one of the global organisations that fell victim to the Accellion data breach, with data stolen from the file-sharing system.

It said the breach was limited to Accellion servers and no other Transport for NSW systems were affected, including systems related to driver licence information or Opal data.

In July last year, a report from the NSW Auditor-General revealed that TfNSW and Sydney Trains were not effectively managing their cyber security risks.

“Neither agency is fostering a culture where cyber security risk management is an important and valued aspect of decision-making,” the report said.

“TfNSW is not implementing cyber security training effectively across the cluster with only 7.2 per cent of staff having completed basic cyber security training.”

NSW Auditor-General Margaret Crawford said her audit uncovered “significant risks” that both agencies failed to pick up.

Furthermore, the report revealed that both agencies were falling short of standards set out by the NSW Cyber Security Policy (CSP).

The CSP sets out 25 mandatory requirements for government agencies, including implementing the Australian Cyber Security Centre’s Essential 8 strategies relating to malware, cyber attacks and misuse, and data recovery.
