Transport for NSW suffered another data burglary less than a year after the auditor general issued a report on the Department’s cybersecurity concerns.
Last week, the department revealed that its online application of the authorized inspection scheme (AIS) was affected by a cyber incident in early April.
“During the incident, an unauthorized third party successfully gained access to a small number of app user accounts,” a statement from TfNSW said.
“Additional security measures have been introduced and monitoring of the application continues.”
AIS is a system that allows experts to inspect vehicles to ensure minimum safety standards for a variety of reasons, the most common being the annual renewal or postponement of registration.
TfNSW notifies the affected experts and offers options to help them avoid further consequences of the incident.
“We recognize that data privacy is paramount, and we deeply regret that this attack could affect customers,” the department said.
“Significant” cybersecurity risks
Last February, TfNSW was one of the global organizations that fell victim Accellion data breakdownwith data stolen from the file sharing system.
It says the violation was restricted to Accellion servers, and no other Transport for NSW systems were affected, including systems related to driver’s license information or Opal data.
In July last year, Fr. report The NSW Auditor General found that TfNSW and Sydney Trains did not effectively manage their cybersecurity risks.
“None of the agencies promote a culture in which cybersecurity risk management is an important and valuable aspect of decision-making,” the report said.
“TfNSW does not provide effective cybersecurity training throughout the cluster, and only 7.2% of employees have received basic cybersecurity training.”
NSW Auditor General Margaret Crawford said her audit found “significant risks” that both agencies were unable to take.
In addition, the report found that both agencies did not meet the standards set by the NSW Cyber Security Policy (CSP).
The CSP defines 25 mandatory requirements for government agencies, including the implementation of the Australian Center for Cybersecurity’s Essential 8 strategy regarding malware, cyberattacks and misuse, and data recovery.
In the comments below, to express your opinion on this story.
If you have news or tips, contact us editorial@governmentnews.com.au.
Subscribe to government newsletter
https://www.governmentnews.com.au/tfnsw-hit-by-another-data-breach/
