NewsBite

Tasmanian government data breach threat: GoAnywhere service used by Cl0p ransomware gang

The state government was aware of a potential data breach almost a week before informing Tasmanians that their information may have been compromised, cybersecurity sites reveal.


On Sunday, Science and Technology Minister Madeleine Ogilvie disclosed the name of the third-party file transfer service that may have been hacked as being GoAnywhere MFT — a service caught up in a global ransomware attack.

Last week, Australian casino giant Crown Resorts confirmed it was one of more than 130 organisations contacted by a ransomware group who claimed they had breached GoAnywhere and illegally obtained a number of files.

It is believed the hackers who targeted Crown Resorts – and who reportedly sent Crown a ransom demand – are the same ones who claimed to have breached the Tasmanian government systems: a Russian ransomware group known as Cl0p.

Minister for Science and Technology Madeleine Ogilvie. Picture: Nikki Davis-Jones

Multiple international cybersecurity websites reported Cl0p added the Tasmanian Government to its victims list on Friday, March 24 (March 25 Australian time) – six days before the government informed residents and the media of the potential breach.

“Ransomware gang Cl0p has claimed responsibility for the January 2023 attack on Fortra’s GoAnywhere managed file transfer tool that has compromised data from a growing list of entities, including employee data from Rio Tinto and accounting data from the University of Melbourne,” Australian Cyber Security Magazine reports.

“Cl0p has methodically begun releasing stolen data from several non-Australian entities on the dark web to encourage the payment of ransoms.”

Screenshots of Cl0p’s updated list of victims were posted on Twitter on March 25, showing the Tasmanian Government had been added to the list.

The list – published and shared via hacker forums on the dark web – revealed the address of the Hobart executive building, website, phone number and revenue ($59.4m), with an ominous “COMING SOON …” under a heading labelled information.

On Sunday, Cl0p reportedly released the first lot of data stolen from Australian mining giant Rio Tinto. It is unclear what personal information was included in the data illegally made public.

In an article published by The Record on Monday, March 27, a Tasmanian Government spokesperson said they were aware of the breach.

“The government is aware of these reports and they are being investigated,” the spokesperson within Tasmania’s Department of Premier and Cabinet told The Record.

Ms Ogilvie said the government had referred the potential breach to relevant state and federal authorities, including Tasmania Police and the Australian Cyber Security Centre.

“We are taking swift action to investigate this breach and ascertain if any information has been compromised. We will continue to provide updated information as it becomes available,” Ms Ogilvie said.

“Our government reiterates that if the investigation reveals any personal information has been compromised we will work with anyone affected and ensure support is available.”

When asked why a statement was provided to The Record cybersecurity website almost a week before informing the Tasmanian public of the potential threat, a government spokesman said “establishing the validity of these claims is complex and requires further investigation”.

The spokesman added that the government “has not been contacted by Cl0p at all”.

It is still unclear how many residents or government employees are at risk, if at all.

Originally published as Tasmanian government data breach threat: GoAnywhere service used by Cl0p ransomware gang


Original URL: https://www.couriermail.com.au/news/tasmania/tasmanian-government-data-breach-threat-goanywhere-service-used-by-cl0p-ransomware-gang/news-story/c6f70fa5a8a5e88369e62ba2f2ef8dee