State Transit Authority of New South Wales

The State Transit Authority of New South Wales confirmed in December 2020 that a June cyber incident was caused by ransomware, affecting Sydney's public transport operations.

What Happened

In June 2020, the State Transit Authority (STA) experienced a cyber security incident that disrupted IT systems and operations. The incident was initially described vaguely as a "cyber event," but an audit released in December confirmed it was a ransomware attack.

The ransomware affected systems used for managing Sydney's bus operations, potentially impacting service planning, driver rostering, and operational coordination. The STA took systems offline to contain the attack and prevent further spread.

Impact on Individuals

While primarily affecting operational systems, the ransomware attack created service disruptions for Sydney public transport users. The extent of personal data exposure was not publicly disclosed, though transport operators typically hold employee records and potentially some customer information.

Organisational Response

The STA worked with Transport for NSW cybersecurity teams and external specialists to respond to the incident. Systems were restored from backups. The delayed public confirmation—six months after the incident—raised questions about transparency in reporting cyber attacks on critical public infrastructure. The incident highlighted the vulnerability of essential public services to ransomware attacks.