A malicious actor exploited an unknown vulnerability in a third-party file transfer service, used by the Tasmanian Government and many organisations globally.

Financial documents including personal information has been stolen from the Department for Education, Children and Young People. Some stolen data has since been released.

Stolen documents relate to current and historical financial information.

It may include some, or all of, the following data: 

• names 
• physical addresses 
• school name 
• Department for Education, Children and Young People reference number (for identification of types of service – it is only for internal use) 
• child’s name, homeroom and year group 
• business names 
• unique Student Assistance Scheme (STAS) identifier (STAS families only)
• child’s date of birth (STAS families only)
• non-public school name (STAS non-government school families only).

The data that has been released is from 2022. 

The following organisations use the department’s finance systems to process financial transactions. It’s important to note that their internal systems have not been impacted.

• Teachers Registration Board (TRB)
• Office of the Education Registrar (OER)
• Office of the Tasmanian Assessment, Standards and Certification (TASC)
• Commissioner for Children and Young People (CCYP)
• Government Education and Training International (GETI)
• Libraries Tasmania 
• TasTAFE.

All individuals directly affected by the cyber incident have been contacted by the department, either via email or mailed letter. Some individuals who were identified as vulnerable were also phoned by the department.

In addition to this, as an over-precautionary measure, the department has communicated with those identified as potentially affected by the data breach.

It’s good practice to check and question the legitimacy of emails (or any type of communication, like phone calls or text messages).

Official emails from the department will be sent from no-reply@cyberincident.decyp.tas.gov.au.

Some individuals received an email on Monday 10 April 2023 from decyp-cyber-incident@e.idsupport.nsw.gov.au. The Department for Education, Children and Young People used a New South Wales government email system. This was also official communication from the department.

If you have any concerns about suspicious activity or unusual financial transactions, contact your financial provider immediately.

The Tasmanian Government apologises for the impact, and is committed to helping you and others affected by this situation.

The Tasmanian Government has emergency management arrangements in place, with many dedicated resources working together to respond to this situation. We continue to closely monitor the situation.

The most important action you can take is to be alert to suspicious financial activity or scams. Contact your financial provider with any concerns.

Our top cyber security tips are to:

1. Screen for scams and be alert to things that don’t seem right.
2. Shield yourself with strong passwords, and make sure your devices and apps are up to date.
3. Be ready to react quickly in the event something goes wrong – such as contacting your financial provider.

Learn more at the Tasmanian Government’s new Defend your data website.

If you are concerned that any stolen information could compromise your physical safety, call Tasmanian Police on 000. If you are concerned regarding a domestic violence situation, contact 1800 633 937.

• Visit the Tasmanian Government’s new Defend your data website for cyber safety tips.
• The Australian Cyber Security Centre website has advice about data security. You can also report to law enforcement via ReportCyber. 
• If you have any concerns about financial transactions, contact your financial provider.
• If you are concerned that your identity has been compromised or you have been a victim of a scam, contact your bank immediately and call IDCARE on 1800 595 160. IDCARE is Australia’s national identity and cyber support service.
• If you are concerned for your immediate safety, contact Tasmania Police on 000.
• For immediate 24/7 support, contact Lifeline (13 11 14), Beyond Blue (1300 224 636) or 1800RESPECT (1800 737 732).
• If you have any further questions or concerns, contact the Tasmanian Information Service call centre on 1800 567 567 (available weekdays during business hours).