Cyber Security NSW was first made aware of the Accellion vulnerabilities in January and with NSW Police, established Strike Force Martine to investigate the impacts of the breach on the NSW Government.
The NSW Government has retired all instances of Accellion FTA as part of the centralised response to protect customer and government data.
Transport for NSW and NSW Health are among agencies that have been affected by the incident. An assessment of the volume and value of data, and any consequences for customers or government is underway.
Forensic analysis by industry specialists has established there was no third-party access to major agency systems including the Driver Licence systems, the Opal travel systems, or electronic medical records systems used by public hospitals.
Scammers may try to capitalise on these events. Customers should not respond to unsolicited phone calls, emails or text messages related to any security matter.
Any notification process will be clearly communicated to affected customers and led by the relevant agency using secure methods.