No credit card or personal data was stolen in last week's breach of the NSW Trainlink online booking system, the transport department said today.
Late last week Transport for NSW revealed it had been forced to take the regional train booking platform down after attackers managed to get inside the system.
At the time the department - and later the NSW Privacy Commissioner - advised that some customer credit card and personal data had likely been stolen.
Now, however, the agency said its investigation into the matter had found no evidence to suggest customer data was compromised.
It said it had warned initially of a potential breach to ensure customers were fully aware their details could be at risk.
"NSW TrainLink is pleased to report that all available evidence now suggests that NSW TrainLink’s security systems were successful in preventing attempts at unauthorised access to the reservation database," the department said in a statement today.
The agency has been working with both the police and AusCERT, as well as the NSW Privacy Commissioner and financial institutions to get to the bottom of the incident.
It said the banks had confirmed there was no indication any unauthorised transactions had occurred as a result of the attack.
The TrainLink system remains offline.
"Customers should continue to call 13 22 32 to make regional train and coach bookings. NSW TrainLink will advise customers when the booking system is back online," the department said.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
