
Cyber Incident Victim: Transport for New South Wales

Date: Feb 2021

Location: Australia

Summary

Transport for New South Wales experienced unauthorized data access due to a global attack targeting Accellion's legacy file transfer system, which the agency used for information sharing. The breach compromised some stored information but did not affect internal systems handling driver's licenses or Opal card data. Cyber Security NSW is managing the investigation with forensic specialists to determine potential customer data impacts. This incident occurred amid broader exploitation of vulnerabilities in Accellion's platform, leading to its planned discontinuation following similar attacks against multiple organizations worldwide.


Description

Transport for New South Wales (TfNSW) confirmed on February 22, 2021, that it suffered a data breach stemming from a compromise of Accellion’s legacy File Transfer Appliance (FTA) system. The breach occurred when attackers exploited vulnerabilities in Accellion’s widely used file-sharing platform, which TfNSW employed to store and transfer files. Before the attack was interrupted, unauthorized actors exfiltrated an unspecified volume of TfNSW data. TfNSW clarified that the breach was confined to Accellion’s servers and did not affect its internal systems, including those managing driver’s licence details or Opal card data. The agency engaged Cyber Security NSW, the state’s cybersecurity coordination body, to lead the investigation with support from forensic specialists. TfNSW publicly acknowledged the incident and expressed regret over potential impacts on customer privacy, but it did not disclose the exact nature or sensitivity of the compromised data.

The incident formed part of a global campaign targeting Accellion’s FTA product, which had been exploited since December 2020 to breach multiple organizations, including the Australian Securities and Investments Commission (ASIC) in January 2021 and the Reserve Bank of New Zealand in the preceding month. Accellion subsequently announced the end-of-life for its FTA software following these attacks. For TfNSW, the breach marked another cybersecurity incident affecting a New South Wales government entity, following the April 2020 breach of Service NSW, which exposed 186,000 customers’ data via compromised staff email accounts. In that earlier incident, attackers stole 738GB of data, including 3.8 million documents. Separately, a misconfigured AWS storage bucket had exposed thousands of NSW driver’s licence images in September 2020. TfNSW’s response focused on collaboration with state cybersecurity authorities to assess the scope of the Accellion-related breach while reiterating that core transport systems remained isolated from the compromised file-transfer environment.
