Hack shuts down NSW Trainlink booking system

By

Updated: Some customer credit card data, personal info likely captured.

Transport for NSW has been forced to close down the online booking platform for its Trainlink service after attackers infiltrated the system and caputured some customer credit and personal data.

Hack shuts down NSW Trainlink booking system

While Transport for NSW confirmed it was investigating the breach, it did not provide any further detail, including when the attack occurred and how many customers were affected.

Opal transport cards are not affected as they are kept on a separate system, the agency said. 

The transport authority initially said the NSW Trainlink database did not contain "sufficient credit card information for it to be used in any transaction," but later reversed its statement.

After advice from the police, it said it now believes some customer credit card data could in fact be used by the unnamed attackers. It also indicated personal information had potentially been accessed.

The agency has called in both the police and AusCERT to help investigate the data breach and assess how much data has been accessed. It said it has also engaged the NSW Privacy Commissioner and financial institutions.

NSW Trainlink warned customers to be alert to phishing attacks and messages from scammers that ask for personal information or credit card details.

The authority also asked customers to keep an eye out for unusual activity on their credit cards.

The NSW Trainlink online booking system remains closed, with no time estimate for the restoration of service. Customers are asked to call 13 22 32 to make reservations.

iTnews has contacted Transport for NSW for further information on the breach.

Update May 30: The NSW Privacy Commissioner has advised that personal and financial details were likely accessed in the attack.

Elizabeth Coombs said specifics were unclear and the Transport department was continuing to investigate.

"... the department has been advised that there is a potential risk that personal and financial information may have been accessed, but the level of that risk is still being determined," she said in a statement.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
governmentsecuritytransport

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?