Description: The New South Wales (NSW) education department in Australia stated that their internal system had been a victim of a cyber attack. The department took some systems offline while conducting its investigation because protecting student and staff data is of the utmost importance. The department has reported the issue to the state's police and federal government organizations and collaborated with Cyber Security NSW to find a solution.

Description: The NSW Police leaked the emails of over 150 complainants. The Complainants contacted them in order to raise concerns regarding officers’ use of force following the Sydney Black Lives Matter protest. According to section 169A of the Police Act 1990 (NSW) a member of the NSW Police Force must not disclose to any person the identity of a complainant unless the disclosure is made in accordance with guidelines established by the Commissioner, with the consent of the complainant, in a situation where it is required by law, or for the purposes of any legal proceedings before a court or tribunal. It was a complete betrayal of public trust and accountability.

Description: The NSW government's QR code data breach accidently exposed the regional addresses of more than 500,000 organisations including defence sites, a missile maintenance unit and domestic violence shelters The addresses collected by the NSW government including correctional facilities, critical infrastructure networks including power stations and tunnel entry sites as well as dozens of shelters and crisis accommodation centres for women across the state was also found NSW data website. The cyber experts raised the alarm to the NSW government to secure the data immediately.

Description: A cyber attack on an Accellion-owned file transfer system has been identified as having an effect on Transport for New South Wales (TfNSW). Some Transport for NSW information was obtained prior to the attack on Accellion servers being stopped. According to TfNSW, the state government investigation is being managed by Cyber Security NSW with the aid of forensic experts. In order to investigate the implications of the incident, particularly how it may have affected customer data, the organisation said it is closely collaborating with Cyber Security NSW.

Description: In February 2021, **Transport for NSW**, an Australian government agency responsible for managing the state’s transport systems, fell victim to a **Clop ransomware attack**. The breach was part of a broader global campaign exploiting vulnerabilities in **Accellion’s File Transfer Appliance (FTA)**, a third-party file-sharing service used by the agency. While the full extent of the data compromise was not publicly disclosed, the attack exposed sensitive internal documents, including employee records, financial data, and potentially customer-related information. The Clop ransomware group, known for double-extortion tactics, threatened to leak stolen data unless a ransom was paid. Although Transport for NSW refused to negotiate, the incident disrupted operations, raised concerns over data security, and prompted an urgent review of cybersecurity protocols. The breach highlighted vulnerabilities in third-party vendor systems and underscored the growing threat of ransomware targeting critical public infrastructure. Authorities warned that the stolen data could be used for further phishing attacks or sold on the dark web, posing long-term risks to both the organization and affected individuals.