NSW TrainLink Website Breach Could Lead to Customer Data-theft

Online train reservations go off the rails

The New South Wales Opposition party has demanded that the Transport Minister for the state disclose the extent of the damage concerning a recent breach of a TrainLink site. The company’s reservation site was compromised by hackers it was revealed, though the nature and amount of the data harvested is unclear as yet. TrainLink provides regional, inter-city and inter-state services, as well as coach trips in NSW.

The security breach occurred at some point last week and state Privacy Commissioner, Elizabeth Coombs was notified on Friday afternoon. Although praising the Transport department for promptly notifying her, she cautioned, “There was no information available to me as to how much personal information, if any personal information had been breached, there was not a sense of the number of people that might be affected.

Not quantified, though quarantined

Transport for NSW stated that although the extent of the breach had not yet been quantified, there was a small risk that some customer data could be of limited value to the criminals. “Latest information from police is that there is a risk that the limited credit card information in the compromised database could, in some circumstances, be used,” they said in a statement, “this database contains limited credit card information and is separate from the system used to process financial transactions which is not impacted by this event“.

They went on to explain that the database that was breached contained only basic card details and is isolated from the one used to transact financially with the customer regarding reservations. This second system is perhaps what the hackers were trying to reach, and it has been stated that this was not breached.

Labor: an explanation is needed

Opposition transport spokeswoman Jodi McKay pointed out that the TrainLink website had been down of several days, and people should be told if their credentials were at risk. She demanded that Andrew Constance should investigate and explain: “I think the Minister of Transport should be standing up to indicate how this occurred, what period did it occur and how many customers have been impacted,” she said. “This is very basic information that hasn’t been conveyed to the community. I would urge the Minister to put information out there to ease the minds of those who use the site“.

Coombs: be careful of the phish

Ms. Coombs meanwhile, warned previous online customers of TrainLink to be on their guard for phishing e-mails. This is like spam e-mail, but targeted. It often occurs after these kind of breaches when hackers acquire some personal details, though not enough to monetize. They use this data to send either scam mail purporting to come from a reputable source, or malware-infected e-mails. “People need to be keeping a close eye out for emails which might be coming in which might ask them to click on links, or their financial credit cards,” she said, “That appears to be the two risks which are most evident at the moment.”

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.