Transport for NSW impacted by the worldwide Accellion data breach

Published

Transport for NSW has been impacted by a cyber attack on a file transfer system owned by international company Accellion.  

The Accellion system was widely used to share and store files by organisations around the world, including Transport for NSW.  

Before the attack on Accellion servers was interrupted, some Transport for NSW information was taken. 

Cyber Security NSW is managing the NSW Government investigation with the help of forensic specialists. We are working closely with Cyber Security NSW to understand the impact of the breach, including to customer data.

Read Cyber Security NSW’s statement.

Status of investigations 

An active investigation is underway and identifying risks to customer information is our priority.   

Transport for NSW will ensure that any notification process for those affected will be clearly communicated and secure.

This breach was limited to Accellion servers. No other Transport for NSW systems have been affected, including systems related to driver licence information or Opal data.  

Support available 

We recognise that data privacy is paramount and deeply regret that customers may be affected by this attack.  

Scammers may try to capitalise on these events. Customers should not respond to unsolicited phone calls, emails or text messages from anyone claiming to be Transport for NSW related to any security matter.  

If you doubt communication from Transport for NSW is genuine, or have any concerns about this incident, please contact our customer line on 1300 234 987

You may also seek independent assistance from IDCARE, Australia’s national identity and cyber-support community service. IDCARE can assist you to take practical steps to protect your information. IDCARE can be found at www.idcare.org or on 02 8999 3356.  

Protecting yourself 

Cyber Security NSW recommends that all NSW residents take steps to protect their personal information.   

  • Wherever possible implement multi-factor authentication for your online accounts 
  • Never feel like you have to respond to unsolicited phone calls, emails or text messages. Scammers impersonate government and business to convince people to take actions. If you aren’t sure, do your own research and make contact using publicly listed contact details for the organisation 
  • Talk to your financial institution about improving your online security. Most scammers are after your money 
  • Ensure you have anti-virus software on all of your online devices. 

For more guidance, please visit Staying Safe Online