The MyWay+ system offers a variety of methods for fare payment. The investigation is examining the procurement and implementation of Canberra’s MyWay+ system, which encountered several issues from its inception. During a session by the Legislative Assembly inquiry, it was revealed that public transport users’ personal information was potentially accessible before and after the system’s launch. Both Transport Minister Chris Steel and officials from Transport Canberra and City Services are expected to appear at another public hearing tomorrow.
Inquiry into the Procurement and Rollout of the MyWay+ System
Transport Minister Chris Steel and Transport Canberra and City Services officials were expected to give further testimony at a public hearing regarding the MyWay+ system’s implementation issues. The inquiry revealed ongoing security vulnerabilities, despite official assurances of no data breaches, an assertion disputed by user tester Shaun Fulham. He detailed how he discovered access to sensitive user information through an improper server link shortly after launch. His discovery prompted a report to the Australian Cyber Security Centre, eventually leading to the issue being addressed. Both Fulham and fellow student Patrick Reid emphasized their concerns about the potential for the MyWay+ system to allow the unauthorized access of personal data and even provide unwarranted monetary credits due to flaws in the system. NEC Australia’s representatives acknowledged these issues and confirmed corrective actions were taken, such as expanding retail distribution of cards, to address the system’s capacity and performance challenges.
Security Vulnerabilities and Privacy Concerns with MyWay+
Mr. Messenger highlighted that the issues encountered during the launch, such as unexpected network outages and insufficient stocking of cards, were addressed promptly. He explained that the unexpected demand for cards through the retail network caused initial challenges due to an underestimation of the uptake by cardholders, which has since been alleviated by increasing the number of retailers to support distribution. Additionally, Ms. Gorham noted that while NEC Australia did receive user feedback through Transport Canberra, the process of communication and incorporation of this feedback into system improvements was a joint effort between the contractor and the government. They continuously assessed and worked through user-reported issues to ensure adequate readiness for the system’s full launch. This collaborative approach aimed to resolve identified problems and enhance the user experience following the rocky start.
Unauthorized Access and Security Vulnerabilities
Despite these preparations, it became clear on launch day that certain aspects of the MyWay+ system were not as robust as anticipated. Users encountered difficulties with the system’s ability to handle the large volume of transactions, leading to unexpected error messages and service interruptions. These issues were compounded by an unforeseen network outage on one of the light rail routes, further hampering commuters. The government and NEC Australia, responsible for the deployment of MyWay+, scrambled to address these setbacks quickly. They expanded the number of retailers able to distribute transit cards from the initial 27 to over 45 across Canberra, aiming to improve accessibility for passengers needing to manage their transit accounts. Despite these swift adjustments, the initial launch left many users frustrated and impacted their confidence in the system.
Government Responses and Future Improvements
In conclusion, the rollout of the MyWay+ system in Canberra faced significant challenges and security issues from the outset. Despite initial assurances from the ACT government about the lack of recorded data breaches, testimonies and findings from individuals involved in the user testing highlighted critical vulnerabilities that allowed access to sensitive user information. The government’s subsequent actions, including a review by Cyber CX and adjustments to retail networks and user feedback mechanisms, aimed to address these issues and improve the system’s functionality. However, the experience served as a reminder of the complexities involved in implementing new technological systems and the importance of securing user data and ensuring seamless user experiences.
