Transport for NSW (TfNSW) has warned that credit card information stored in a compromised database could be used for fraud.
Public transport operator NSW TrainLink revealed on Friday that the security of its online reservations system had been compromised.
“The NSW TrainLink database does not contain sufficient credit card information for it to be used in any transaction,” the agency said in its initial statement on the breach.
However, a subsequent statement issued by TfNSW said: “Latest information from Police is that there is a risk that the limited credit card information in the compromised database could, in some circumstances, be used.”
“This database contains limited credit card information and is separate from the system used to process financial transactions which is not impacted by this event,” the statement added.
Opal data has not been compromised.
“Transport for NSW continues to investigate what has occurred,” said the state’s privacy commissioner, Dr Elizabeth Coombs. “My office is in contact with the Department to receive updates”
“I encourage anyone who is concerned they may have been affected to keep an eye on their accounts for any unusual transactions and report any discrepancies to their financial institution immediately. I also urge customers to be vigilant of any unsolicited requests for personal information.”
The privacy commissioner commended TfNSW for alerting her office to the breach.
Earlier this year the NSW Department of Industry’s resources and energy division revealed its Maitland office suffered what it described as a “hacking attempt”.
Earlier this year when launching Australia’s national cyber security strategy Prime Minister Malcolm Turnbull confirmed reports that the Bureau of Meteorology last year suffered a “significant cyber intrusion”.