Information from the office of the Education Registrar, Government Education and Training International (GETI), Libraries Tasmania and the Office of Tasmanian Assessment, Standards and Certification have also been revealed to be at risk.

The “precautionary message” sent out late on Monday afternoon also advised what information might have been accessed.

It said bank account details of those paid by the department, date of birth of TasTAFE students, names, addresses, school names, DECYP reference numbers, child names, homeroom, year group and business names were potentially compromised in the breach.

“The data that was available relates to current and historical financial information,” acting secretary for the Department for Education, Children and Young People Jenny Burgess said in the statement.

“DECYP investigations indicate some of your personal information may have been accessed. “Whilst we know your data has not been released yet, there is a likelihood that this may be published by the criminal group involved.”

The statement said the State Government was working closely with state and federal authorities to reduce the risk to individuals and organisations.

“I want to apologise for the impact that this incident has had on you. We are committed to help you and others impacted through this process,” Ms Burgess said.

“We encourage you to remain vigilant and if needed, take practical steps including staying alert for any suspicious financial activity or attempted scams.

“We take this situation very seriously and have deployed additional resources over the Easter break.”

Tasmanians are urged to be vigilant and on alert for any suspicious financial activity, along with scams.

Those with concerns can contact the Tasmanian Information Service on 1800 567 567 between the hours of 9am and 6pm.

The message was sent to stakeholders and updated on the department’s website after 4:30pm, but was not provided to media.

It comes after a bid from the state government to hose down reporting of the cyber attack.

‘Malicious and malevolent’: Tasmania not out of the woods in global data breach crisis

April 8, 1:45pm

No more sensitive Tasmanian documents have been released to the dark web since revelations of a major hacker data breach – but the state is not out of the woods yet.

On Friday, it was revealed about 16,000 Tasmanian department of education documents had been released by Russia-linked hackers, including sensitive financial information of students and their parents or caregivers.

Technology Minister Madeleine Ogilvie told reporters in a follow-up press conference on Saturday that no new information had been released since.

But she warned the reprieve didn’t mean the crisis was over.

“I don’t think we’re out of the woods,” Ms Ogilvie said.

“We’re dealing with malicious and malevolent actors.”

Ms Ogilvie said since a hotline number was announced on Friday to triage and help anyone concerned, about 20 calls had come in.

She also said the government was working “very, very hard” to work through all leaked documents – and proactively contact those affected.

“I am very concerned about this issue and I’m particularly concerned about the more vulnerable Tasmanians,” she said.

“I know there is fear and concern in the community, and I think it’s incumbent upon all of us, no matter which political party, to remain calm and prudent and sensible, and to not elevate those fears.”

Ms Ogilvie also responded to a number of criticisms levelled at her management of the crisis by the state opposition.

The government has no plans to extend the hotline beyond its hours of 9am to 6pm, to a 24-hour line – as called for by Labor – given the number of calls were “well within the limits of what we can manage”.

In response to calls from Labor IT spokeswoman Jen Butler for Jeremy Rockliff to return from his Easter break and “manage this crisis”, Ms Ogilvie said Labor needed to “concentrate on their own dysfunction”.

“I think they’ve got some serious questions to ask of their own team at the moment.”

Ms Ogilvie said she had informed the public of the crisis as soon as she could – once it was apparent there was a critical risk and as soon as she was “allowed to make a statement”.

She also confirmed the state government had still not received any ransom demands from the hackers.

The hotline number is available on 1800 567 567 from 9am to 6pm.

‘Not good enough’: Labor calls for hotline service extension after hack

Saturday, April 8 – 12.30pm:

Labor has called on the state government to expand its hotline service for people affected by the ransomware attack in which 16,000 student financial documents were leaked onto the dark web.

Labor IT spokeswoman Jen Butler said some Tasmanians may not be able to access the support or advice they needed.

“It’s not good enough for Tasmanians to not only have had their personal data compromised, but now they’re finding they might not be able to access someone for information on how to best protect themselves,” Ms Butler said.

Labor is now putting pressure on Roger Jaensch alongside Jeremy Rockliff to cut their Easter breaks short.

They called on the service to be expanded to 24 hrs a day.

“Clearly the Minister IT has not been up to the job of protecting Tasmanians and we feel that it’s time for the Minister Education and Children and the Premier to return to work and manage the crisis,” Ms Butler said.

Minister Science and technology Madeleine Ogilvie will speak to media at midday to provide an update on the situation.

‘We may see more’: Tasmanians’ personal data in hackers’ hands

Friday April 7, 2023:

About 16,000 student financial documents were released by Russia-linked hackers to the dark web – Tasmania’s Technology Minister has confirmed – with serious concerns that “we may see more”.

Madeleine Ogilvie, speaking at a press conference on Friday, described the crisis as an “evolving situation” – with the government activating a range of emergency responses over the Easter break.

Earlier this week, it was revealed that Tasmania’s Department of Education, Children and Young People was one of 130 organisations caught up in a global ransomware attack.

Ms Ogilvie said as of Friday, she’d been advised about 16,000 additional documents – including financial invoice statements and documents related to student assistance applications – had been released overnight.

She also warned there could be more to come.

Leaked files seen by the Mercury include invoices sent by schools for student levies and uniform purchases, which includes parents’/caregivers’ names, home addresses and their school account numbers.

The leaked information also shows a number of Student Assistant Scheme approval letters sent to parents, which also concerningly includes their children’s full names and dates of birth.

Ms Ogilvie said there was no evidence that Tasmanian government IT systems had been breached, with the files hacked through the third party, GoAnywhere file transfer system.

She said the state government had not received any demands for ransom.

“That is the advice I have today. I should also say that it is the advice of the federal government that we do not pay ransom,” she said.

Ms Ogilvie said the government had set up a hotline for anyone affected, and particularly encouraged anyone who might be particularly vulnerable – with domestic or family violence situations – to call immediately for help.

She said people would get a “human voice” when they contacted the hotline and be triaged so those needing urgent help would be quickly assisted.

“I feel such deep empathy and concern for everyone caught up in this hack,” she said.

Ms Ogilvie said the government had engaged the services of IDCARE, Australia’s national identity and cyber support service, along with other specialist supports, and was working with the relevant authorities, including the Australian Cyber Security Centre.

Ms Ogilvie said the government was continuing to monitor and investigate as it ploughed through the large data set, which would take “a bit of time”.

“We are working through the documents that have been released. We are triaging those to ensure those who need help most quickly will get that,” she said.

In the meantime, she asked anyone who saw unusual activity on their bank accounts to contact the hotline or the Australian Cyber Security Centre.

The Minister said the breach occurred in late January, but a patch was applied to fix vulnerabilities.

“The particular incident was a matter of four days. A patch was applied and that problem was remedied. What we’re dealing with now is the information that was transferred during that window,” she said.

Labor’s IT spokeswoman Jen Butler called on Premier Jeremy Rockliff to “step in and manage this crisis”.

“Why on earth was this Minister allowing the use of unsafe software that was reported as unsafe by experts in late January?” she said.

The hotline number is available on 1800 567 567 from 9am to 6pm.

16,000 documents shared by hackers on dark web

3pm Friday: Tasmania’s Technology Minister Madeleine Ogilvie has confirmed more than 16,000 documents have been released by Russian-linked hackers, containing sensitive and private information of tens of thousands of Tasmanians.

Speaking at a press conference this afternoon, Ms Ogilvie said the government has set up a helpline number for those concerned their data had been compromised, with more information to be provided shortly.

Personal data of Tasmanian parents and students was released on the dark web Friday morning after it was stolen from the Department of Education, Children and Youth system by cyber criminals from a Russian-linked ransomware group through the GoAnywhere file transfer system.

Leaked files seen by the Mercury include invoices sent by schools for student levies and uniform purchases, which includes parents’/caregivers’ names, home addresses and their school account numbers.

The leaked information also shows a number of Student Assistant Scheme approval letters sent to parents, which also concerningly includes their children’s full names and dates of birth.

Labor leader Rebecca White contacted Premier Jeremy Rockliff this morning asking for an urgent briefing on the situation.

Shadow Minister ICT, Science and Technology Jen Butler said it was “hard to know” how many Tasmanians had been affected by the data breach.

“We know that every primary school across Tasmania has been listed as compromised and that information from some primary schools has been put on the dark web,” she said.

“Many businesses around Tasmania have been contacted to say they’ve been compromised. “One I spoke to, a service provider of equipment, they may be compromised because of their transactions with the Department of Education.”

Ms Butler said Australian mining giant Rio Tinto had been contacted by the hackers when their information was compromised and suggested the Tasmanian Government would have as well.

“We’re not sure if a ransom has been demanded but these Russian hackers don’t mess around,” Ms Butler said. “They are a very sophisticated criminal group.”

“This is not about politics, it is about keeping Tasmanians safe.”

She also claimed the government would have known for months that their software was not secure for sensitive data when it was first announced in January that the GoAnywhere system had been potentially hacked.

Labor cries cover-up over hack

Labor has accused the government of either “gross incompetence or deliberate cover-up” over the potential loss of education department data to Russian hackers.

The government has fired back, accusing the opposition party of “scaremongering”.

Minister Science and Technology Madeleine Ogilvie said the additional resources would be put in place over the Easter break in case the improper release of data was detected.

On Wednesday she revealed there were fears names, addresses, invoices, and bank account numbers held by the Department of Education, Children and Youth had been accessed by Russian hackers in a ransomware attack on data transfer provider GoAnywhere MFT.

Minister Roger Jaensch said the government would be monitoring over Easter to see if any action is taken by those who have maliciously accessed the data.

“We know some information has been accessed. What we don’t know is what they have or what they may do with it,” he said.

“The government takes cybersecurity very seriously but it is a rapidly changing issue globally and we are not immune to it.”

Labor’s Jen Butler said the admission that financial data may have been accessed made the government’s prior secrecy “inexcusable”.

“The hackers have already released personal details of Crown Resorts customers onto the dark web in an attempt to extort them into paying a ransom, and Tasmanians face the same threat because Minister Ogilvie has botched yet another of her portfolio responsibilities,” she said.

“We knew as early as late January that Russian hackers were accessing software around the world in a sophisticated criminal operation.

“But this government continued its neglect of the digital portfolio, doing nothing to lift Tasmania from the bottom of the Cyber Security Readiness rankings in Australia and New Zealand.”

Ms Ogilvie has resisted calls for her to resign over delays in informing the public. She said the threat was being monitored over the long weekend.

“I understand reports such as this may cause concern in the community and that is why we continue to keep the community updated,” she said.

“What isn’t helpful, is the scare-mongering and misinformation being peddled by the Opposition on this issue.

“Labor’s ongoing personal attacks are appalling, but not surprising given the toxicity of that Party which has driven many from their ranks.”

Ms Ogilvie was a Labor MP from 2014 until 2018 but fell out with the party because of her conservative stance on social issues. She joined the Liberal party before the 2021 election after a stint as an independent.

Education Union Tasmania President David Genford said his members were worried about the breach.

“The AEU strongly urges the Rockliff government to deliver an open and transparent assessment of what has occurred, and inform all persons impacted by this breach about the data that has been compromised, and what action is being taken in response,” he said.

Failing to properly inform people affected by this data breach shows a Minister and Government out of touch with the concerns of their workforce and community.”

david.killick@news.com.au

More Coverage

Financial data possibly exposed in major global data hack

David Killick

Originally published as Names, addresses, date of birth: New details revealed on data breach