Queensland Transport: No information leaked in December hack

Queensland Transport: No information leaked in December hack

No systems were compromised, the Department says

The Queensland Department of Transport and Main Roads (TMR) had its network breached by overseas hackers in December 2017, but no information was leaked, according to the Department.

As reported by the ABC, the breach was followed by an attempt to steal information from staff from other sections of government.

The documents obtained by the ABC under the Right to Information Act 2009 -- and seen by ARN -- revealed all the hacks or near hacks for 2017.

"This breach resulted in unauthorised and malicious use by an entity who successfully obtained two TMR [Transport and Main Roads] users credentials and used one mailbox for unauthorised activity," the document stated.

"No evidence of information leakage was noted but the entity used the account to phish or spam other users using a TMR account."

In its investigations, the department tracked the attack to IP addresses in Kenya and Canada, the ABC reported.

A spokesperson for Transport and Main Roads told ARN that this particular breach took place on 5 December at 3AM with the threat being eliminated by 8AM. Systems were not compromised.

"The email account of a new staff member was used to launch an initial phishing attack to send further phishing emails to a range of government, business and personal email addresses," the spokesperson said.

"The sources of the attack were from internet addresses originating in Kenya and Canada. The identified IP addresses were blocked and passwords of two compromised accounts were changed."

The Department said that it continuously scans its systems which resulted in 888,000 spam or phishing attempts being blocked in December alone.

The spokesperson said that no sensitive information was released and there was a low risk any data was released.

"We are prepared for a major incident or breach with Information Security Incident Response Plans regularly tested using real-life scenarios trials," the spokesperson told ARN.

"We also work closely with our vendors who host critical information and systems to ensure security events and incidents are reported immediately."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackQueensland Department of Transport and Main Roads

Brand Post

Show Comments
View all events