Driver’s licence particulars were between the private info stolen from Transport for NSW in the Accellion knowledge breach last yr, iTnews can expose.
It has also emerged that at minimum 500 clients and staff members of the agency were being impacted in the incident, some of which are only now becoming notified.
TfNSW confirmed it was 1 of a selection of substantial organisations all over the world to drop victim to the data breach against the 20-year-outdated File Transfer Appliance (FTA) in February 2021.
Two exploits are claimed to have formed the basis for the assault: one on December 2020 and yet another in January 2021, the two of which have been patched by the organisation within just a week.
At the time, TfNSW claimed some data experienced been stolen, ahead of confirming in December 2021 – as element of a planned 2nd round of notifications – that purchaser and staff info was accessed.
At no time has it disclosed what types of details ended up compromised, even with the company completing remaining assurance investigations.
On the other hand, a notification electronic mail acquired by iTnews confirms that driver licence data was incorporated in the details leak.
Other details have also most likely been exposed, such as names, email tackle, household address or contact figures.
It is recognized that the compromised information relates to the issuing of new licences by the office.
An FAQ document witnessed by iTnews also suggests that some affected folks experienced formerly experienced their driver’s licences information and facts compromised in yet another info breach.
It is not crystal clear how the facts had been originally leaked, but it follows two current superior-profile knowledge breaches involving driver’s licences in 2020.
Driver’s licence details was compromised in a phishing assault from 47 Service NSW staff members that necessary the personal info of 103,000 shoppers.
Far more than 50,000 scanned driver’s licences ended up also observed in an open S3 bucket assumed to belong to a industrial entity.
The FAQ doc also indicates that 500 persons impacted in the Accellion breach, nevertheless it is unclear this is the complete number of persons or just people notified in the most up-to-date spherical.
Anecdotal proof, having said that, suggests that this figure could be considerably bigger.
A spokesperson from the section declined to comment.