NSW agencies may have delayed reporting a massive cyber attack to authorities for nearly a month, officials revealed on Monday.
The breach of a software known as Accellion in December 2020 affected businesses and agencies worldwide, including Transport for NSW which had sensitive information stolen and posted on the dark web.
Cybersecurity NSW wasn't told by Transport for NSW the agency had been hacked until January 21, 2021, officials told a budget estimates hearing.
That’s despite Accellion claiming it notified all its customers of an incident two days before Christmas.
Health Minister Brad Hazzard has previously said NSW Health, which was also affected by the hack, discovered the attack on Christmas Day, 2020.
It was unclear when NSW Health notified the cyber authorities.
“Transport advised us on (January) 21, and we’ll confirm when Health advised us, but I think it was (January) 13,” Customer Service department deputy secretary Greg Wells said.
The government has been tight-lipped about what sort of documents were stolen from Transport, but officials have previously said hackers did not access drivers licence, Opal Card or medical records systems.
It's understood the Transport documents leaked online included steering committee meeting papers from 2016, a 2019 document relating to a government tender, and a 2020 letter from the NSW parliament’s upper house to the former Transport Secretary for information about ex-Wagga Wagga MP Daryl Maguire.
The files stolen from Health were predominantly “corporate files”, according to budget estimates testimony last year.
According to Accellion’s timeline of events, the company found out “anomalous activity” had occurred on December 16, and the company then spent the next three days patching up the security loophole the hackers exploited, before issuing a system update along with a warning email to customers on December 20.
Two more security updates were made on December 23 and 24, the company said.
On January 22, the company learned of a new breach, which led it to issue an “urgent security alert to FTA customers advising them to shut down their FTA systems immediately”, Accellion said.
The NSW government has said all state agencies have stopped using Accellion since the hack occurred.