In a statement, the authority said its Authorised Inspection Scheme had been attacked in April and a number of user accounts accessed by the attacker or attackers.
The agency was attacked last year as well, with that breach being carried out through a file transfer system manufactured by a firm known as Accellion.
At the time, the security firm Mandiant said it had identified the attacker using the Accellion software to carry out the attacks and gave it the name UNC2546.
Regarding the April attack, Transport for NSW said: "During the incident, an unauthorised third party successfully accessed a small number of the application’s user accounts.
"Additional security measures were put in place and monitoring of the application is continuing.
"Transport for NSW is notifying affected examiners individually and providing options to help them avoid further impacts from the incident."
The agency warned that scammers may use stolen data from the attack to try and trick users. "Customers should not respond to unsolicited phone calls, emails or text messages from anyone claiming to be from Transport for NSW related to any security matter," it advised.
"If you doubt communication from Transport for NSW is genuine, or have any concerns about this incident, please contact our customer line on 1300 234 987 or email responsetaskforce@transport.nsw.gov.au."
Asked for his take on the second attack, seasoned ransomware threat researcher Brett Callow, who works for the security firm Emsisoft, said: "Transport for NSW was previously breached as a result of using a vulnerable file transfer appliance, and the data stolen in that incident is still available online.
"Without additional details, it's impossible to say whether this incident is in any way linked to that breach, but it’s certainly possible."