NSW TrainLink suffers security breach

Transport for NSW’s online booking system was hacked on Friday, potentially capturing customer payment details, the agency said.

NSW TrainsLink was closed down following an investigation by Transport for NSW into a security breach.

Initially, Transport for NSW claimed the TrainLink database did not contain sufficient credit card information for it to be used in any transaction. The agency has since backtracked on this statement, now claiming some customer details were likely captured.

The agency has been working with local police and AusCERT to manage the investigation and determine what data has been infiltrated and accessed, and the identity of the hackers. The Information and Privacy Commissioner has also been notified of the breach.

“Opal customers can be reassured that Opal data is kept on a completely separate system and has not been compromised,” the agency said in a statement.

“Customers are asked to be extra vigilant to any unsolicited requests for personal information.”

NSW TrainLink operates the regional train and coach services formerly provided by CountryLink as well intercity train services formerly operated by CityRail.

The online booking system remains closed while the matter is investigated. Customers have been advised to call 13 22 32 for reservations.

CIO Australia has reached out to Transport for NSW for further comment.