The Tasmanian Government is investigating the theft of data from a third-party file transfer service used by the Department for Education, Children and Young People.
The latest update on the situation is available on the department’s Alerts page. Please also see the frequently asked questions below.
A malicious actor exploited an unknown vulnerability in a third-party file transfer service, used by the Tasmanian Government and many organisations globally.
Financial documents including personal information has been stolen from the Department for Education, Children and Young People. Some stolen data has since been released.
What information has been stolen?
Stolen documents relate to current and historical financial information.
It may include some, or all of, the following data:
- physical addresses
- school name
- Department for Education, Children and Young People reference number (for identification of types of service – it is only for internal use)
- child’s name, homeroom and year group
- business names
- unique Student Assistance Scheme (STAS) identifier (STAS families only)
- child’s date of birth (STAS families only)
- non-public school name (STAS non-government school families only).
The data that has been released is from 2022.
The following organisations use the department’s finance systems to process financial transactions. It’s important to note that their internal systems have not been impacted.
- Teachers Registration Board (TRB)
- Office of the Education Registrar (OER)
- Office of the Tasmanian Assessment, Standards and Certification (TASC)
- Commissioner for Children and Young People (CCYP)
- Government Education and Training International (GETI)
- Libraries Tasmania
Has my information been stolen?
All individuals directly affected by the cyber incident have been contacted by the department, either via email or mailed letter. Some individuals who were identified as vulnerable were also phoned by the department.
In addition to this, as an over-precautionary measure, the department has communicated with those identified as potentially affected by the data breach.
How do I check the email I received is from the department?
It’s good practice to check and question the legitimacy of emails (or any type of communication, like phone calls or text messages).
Official emails from the department will be sent from email@example.com.
Some individuals received an email on Monday 10 April 2023 from firstname.lastname@example.org. The Department for Education, Children and Young People used a New South Wales government email system. This was also official communication from the department.
Do I need to change my bank account details?
If you have any concerns about suspicious activity or unusual financial transactions, contact your financial provider immediately.
What is the Tasmanian Government doing about this?
The Tasmanian Government apologises for the impact, and is committed to helping you and others affected by this situation.
The Tasmanian Government has emergency management arrangements in place, with many dedicated resources working together to respond to this situation. We continue to closely monitor the situation.
What do I need to do?
The most important action you can take is to be alert to suspicious financial activity or scams. Contact your financial provider with any concerns.
Our top cyber security tips are to:
- Screen for scams and be alert to things that don’t seem right.
- Shield yourself with strong passwords, and make sure your devices and apps are up to date.
- Be ready to react quickly in the event something goes wrong – such as contacting your financial provider.
Learn more at the Tasmanian Government’s new Defend your data website.
If you are concerned that any stolen information could compromise your physical safety, call Tasmanian Police on 000. If you are concerned regarding a domestic violence situation, contact 1800 633 937.
What support is available?
- Visit the Tasmanian Government’s new Defend your data website for cyber safety tips.
- The Australian Cyber Security Centre website has advice about data security. You can also report to law enforcement via ReportCyber.
- If you have any concerns about financial transactions, contact your financial provider.
- If you are concerned that your identity has been compromised or you have been a victim of a scam, contact your bank immediately and call IDCARE on 1800 595 160. IDCARE is Australia’s national identity and cyber support service.
- If you are concerned for your immediate safety, contact Tasmania Police on 000.
- For immediate 24/7 support, contact Lifeline (13 11 14), Beyond Blue (1300 224 636) or 1800RESPECT (1800 737 732).
- If you have any further questions or concerns, contact the Tasmanian Information Service call centre on 1800 567 567 (available weekdays during business hours).