Cyber Incident Victim: Transport for New South Wales

In early April 2022, Transport for New South Wales experienced a cyber incident impacting its Authorised Inspection Scheme (AIS) online application platform. The AIS system facilitates the certification of vehicle examiners who assess compliance with safety standards, requiring applicants to submit sensitive personal information including full names, addresses, phone numbers, email addresses, dates of birth, and driver’s licence numbers. An unauthorised third party successfully compromised a limited number of user accounts within this system, though the exact method of intrusion was not disclosed by the agency. Transport for NSW confirmed the breach in early May 2022, characterizing the compromised accounts as a "small number" while acknowledging the seriousness of potential data exposure. The organization expressed regret over the privacy implications for affected customers and emphasized the sensitivity of the personal information involved in the application process.

Following the breach, Transport for NSW initiated direct notifications to impacted authorised examiners, offering unspecified support options to mitigate further consequences. The agency issued public warnings about potential scam attempts leveraging the incident, advising customers to disregard unsolicited communications purporting to address security matters related to Transport for NSW. Internal response measures included implementing additional security controls on the AIS application, though specific technical enhancements were not detailed in public statements. Continuous monitoring of the system was established to detect any anomalous activity. This incident occurred approximately one year after a separate cybersecurity event involving Transport for NSW, which stemmed from vulnerabilities in a third-party Accellion file transfer system unrelated to the AIS platform. The organization maintained operational continuity of its inspection services throughout both incidents.