TfNSW hit by second cyber attack in less than 18 months

By

Confirms authorised inspection scheme system data accessed.

An online application used by vehicle examiners to conduct roadworthiness inspections in NSW has been struck by a cyber attack.

TfNSW hit by second cyber attack in less than 18 months

Transport for NSW said the authorised inspection scheme (AIS) online application was impacted by a cyber incident in early April.

“During the incident, an unauthorised third-party successfully access a small number of the application’s user accounts,” TfNSW said in a statement on Wednesday.

TfNSW said additional security measures were put in place following the incident and that it is continuing to monitor the application.

AIS is a system “under which vehicles are inspected in NSW”, according to TfNSW. Inspections are carried out for annual renewal or the transfer of registration.

Impacted examiners are now being notified individually to help them “avoid further impacts from the incident”.

“We recognise that data privacy is paramount and deeply regret that customers may be affected by this attack,” TfNSW added.

The incident comes less than 18 months after the agency confirmed it was one of a number of large organisations worldwide to fall victim Accellion data breach.

Both customer and employee data was found to have been accessed in the breach, with iTnews later revealing that this included driver’s licence details.

TfNSW was forced to conduct two rounds of notifications after revising up the number of impacted individuals, including at least 500 customers.

In July 2021, TfNSW was revealed as having low levels of maturity against the Australian Cyber Security Centre's Essential Eight controls.

The audit also highlighted issues with the agency's cyber security culture, with risk information only passed on to senior executives “irregularly”.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Services Australia's sweeping security uplift plans for myGov

Services Australia's sweeping security uplift plans for myGov

Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach

Northern Beaches Council reviews security stack to shore up widening perimeter

Northern Beaches Council reviews security stack to shore up widening perimeter

CrowdStrike rejects Delta Air Lines claims over outage

CrowdStrike rejects Delta Air Lines claims over outage

Log In

  |  Forgot your password?