Labor must answer questions about MyWay+ security concerns

2025-03-18

Submissions to the inquiry have raised concerns about cyber security risks to MyWay+ users’ personal information, including banking details and addresses.

“It became evident very shortly after MyWay+ went live that there were serious cyber security concerns, suggesting the system was not sufficiently secure to protect Canberrans’ private information,” Mr Braddock, ACT Greens spokesperson for transport, said.

“It is incredibly concerning that Labor chose to rush the rollout in time for the election rather than taking the time to ensure the system was completely secure.”

One submission to the inquiry said:

“These vulnerabilities are obvious. They are not sophisticated or difficult to exploit. They were discoverable nearly by accident. They are so obvious that they betray fundamental misunderstandings on the part of NEC’s developers as to the nature of Internet-facing client-server applications and the very basics of secure web application design.

“These vulnerabilities are also so obvious that they raise concerns about whether TCCS actually conducted appropriate vulnerability assessment or penetration testing, as envisaged by the contract. It’s hard for me to imagine that any appropriately-scoped test by appropriately-experienced security consultants would have missed these.”

“The Canberra community needs to know whether the ACT Government was aware of these concerns before it went live with MyWay+,” said Mr Braddock. “Once they were made aware, what steps did they take to address the issues?

“I will be asking these questions of the ACT Government in question time today and in the public hearings next week, because the community needs this information.

“The ACT Government has an obligation to ensure that Canberrans’ personal data is completely secure. The onus should not be on members of the public and advocacy groups to demonstrate the risks of using this system.

“The Labor Government must do better.

“Canberrans should be able to trust in everyday government services to be delivered securely and meet their needs and expectations,” said Mr Braddock.