Hack shuts down NSW Trainlink booking system


news NSW TrainLink has announced that its online reservations system has been taken offline following a hack, and that some users’ credit card data may have been compromised.

The rail and coach brand, which is run by Transport for New South Wales, said an investigation into the breach is continuing.

The police have warned that there is a risk that the “limited credit card information” in the compromised database could be used by the hackers “in some circumstances”.

However, the database is separate from the system used to process financial transactions which is “not impacted by this event”, said NSW TrainLink.

The company explained that it is working closely with the police and financial institutions to assess the risk of the security compromise, adding that customers will be contacted if their cards have been compromised by the hack.

“NSW TrainLink has established an incident response group and is working around the clock to assess the impact of this security compromise and will keep customers updated as the situation develops,” it said in a statement at the weekend.

NSW TrainLink urged customers to be “extra vigilant” to any unsolicited requests for personal information, and to notify their financial institution if there is any unusual activity on their card.

With the online reservation system remaining closed, customers wishing to make a booking should call 13 22 32.

The company also stressed that data for the Opal card scheme is kept on a separate system and “has not been compromised”.

Image credit: David Ansen, Creative Commons


  1. More of this to come once the Liberals finish their sell off to bribing criminals Leighton. As with the last article about cyber security , the government treat it with contempt and gladly run and release systems full of security holes.

  2. The database is separate as in a second server that the web app connects to ? They just need to find the login the software uses to lech data ? non firewalled SSH ? Looks like they run java so unmaintained Tomcat ? internal hack from non isolated machines ? no snort running ? I guess it’s a windows system ? Outsourced system gone live again without exploit testing ?

    Most of the site is cached , the dynamic bits is the booking system which is offline now.

  3. Wish NSW would just hurry up and privatise Sydney Trains.
    Far too much dead wood in Transport NSW waiting for their defined benefit golden handshakes.

Comments are closed.