Transport for NSW has joined a growing list of global organisations to fall victim to the Accellion data breach after confirming that data from the file-sharing system was stolen.
The agency said in a statement that “some TfNSW information was taken” from the file transfer appliance before the attack on Accellion servers was interrupted.
“Transport for NSW has been impacted by a cyber attack on a file transfer system owned by international company Accellion,” TfNSW said.
TfNSW did not indicate whether customer data had been impacted, but said that the breach was “limited to Accellion servers”.
“No other TfNSW systems have been affected, including systems related to driver's licence information or Opal data,” it added.
An “active investigation” is now underway to understand the impact of the breach in partnership with NSW’s whole-of-government cyber security office, Cyber Security NSW.
Cyber Security NSW is managing the government’s response to the Accellion breach, which has also impacted NSW Health.
It is currently conducting an assessment of the "volume and value of data, and any consequences for customers or government".
NSW chief cyber security officer Tony Chapman told an inquiry last month that agencies across NSW had been using Accellion as an alternative to email to securely transfer data.
“At this stage, investigations are undergoing. It’s a complex matter, involving forensic work with external specialist providers to government,” he said last month.
TfNSW said that it would ensure that “any notification process for those affected will be clearly communicated and secure”.
“We recognise that data privacy is paramount and deeply regret that customers may be affected by this attack,” it said.
Earlier this month, QIMR Berghofer Medical Research Institute and Singtel confirmed they had also been caught up in the Accellion breach.
Other organisations to be impacted include the Australian Securities and Investments Commission (ASIC), SBS and the Reserve Bank of NZ.