NewsBite

Tasmania data breach explainer: How to protect yourself from the Russian data hack

Tasmania cyberattack explainer: What we know, what we don’t know and what you can do if you’re affected.

Generic fraud. Picture: Istock
Generic fraud. Picture: Istock

The apparent loss of Tasmanian government data to Russian hackers has caused widespread community concern. Here is what we know so far, what we don’t know and what you can do to protect yourself. This page will be updated as new information comes to hand and was last updated at 10am Thursday April 13.

If you have questions on you would like us to on your behalf, please email david.killick@news.com.au.

WHAT WE KNOW

Hackers from a Russian ransomware group appear to have exploited a weakness in file transfer company GoAnywhere MFT in January 2023 and obtained data from up to 130 clients worldwide including the Tasmanian Government, Crown Resorts and Rio Tinto.

GoAnywhere MFT provides data transfer services for large datasets held by companies and governments.

There is no evidence that Tasmanian government computer networks have been breached, just this third party provider.

The breach was detected around January 30 and should have been fixed when a patch was released a few days afterwards.

It is understood six Tasmanian government agencies used the service but only one, Education, may have lost data transferred using the service over a period of a few days.

The hackers began issuing ransomware demands to some of the organisations affected in March.

The Tasmanian Government was added to the victims list on Friday, March 24.

The government acknowledged it was looking into the reports in a statement to IT trade media on March 27.

“The government is aware of these reports and they are being investigated,” said a spokesman within Tasmania’s Department of Premier and Cabinet.

Minister for Science and Technology Madeleine Ogilvie revealed the threat to the public on

April 2.

Minister Madeleine Ogilvie. Picture: Nikki Davis-Jones
Minister Madeleine Ogilvie. Picture: Nikki Davis-Jones

The Tasmanian government says no ransom demand has yet been received and a ransom will not be paid.

Around 16,000 documents — including financial invoice statements and documents related to student assistance applications — were released by the hackers onto the dark web overnight on April 7.

They included include invoices sent by schools for student levies and uniform purchases, which includes parents and caregivers names, home addresses and their school account numbers.

The state government has engaged CyberCX, a leading national cyber security company to help deal with the threat and is acting in concern with the threat and is working with federal authorities.

The Tasmanian Emergency Management Arrangements have been activated by the State Emergency Management Committee.

The cybersecurity breach has been classified as being at level two on the three level emergency scale — indicating an event of medium impact and medium complexity.

The latest update on the information of Tasmanians that may have been compromised includes current and historical financial information belonging to people and businesses who have had had interactions with the Department of Education, Children and Youth.

Those organisations include the Teachers Registration Board, the Office of the Education Registrar, Office of Tasmanian Assessment, Standards and Certification, the Commissioner for Children and Young People, Government Education and Training International, Libraries Tasmania and TasTAFE.

The information included in the potentially compromises data sets include names, addresses, school name, DECYP reference number, child names, homeroom, year group, business names, bank account details and learner’s date of Birth for TasTAFE students.

The total number of people whose data may have been affected is around 150,000 and includes students, parents, contractors and teachers.

UPDATE 10am April 13: New figures on numbers affected from the Department of Education, Children and Young People.

“On Monday 10 April an email was sent from Department for Education, Children and Young People (DECYP) to all potential stakeholders from the last five years. This covered DECYP, Office of the Education Registrar (OER), Teachers Registration Board (TRB), Office of the Tasmanian Assessment, Standards and Certification (TASC), TasTAFE and Commissioner for Children and Young People (CCYP).

‘This was a total of 145,683 emails, the stakeholders include debtors, creditors and 1,271 previous DECYP employees and it outlined that their data was potentially at risk. Within this total, this includes DECYP staff who may have received this email notification e.g. they are, or were a parent of a Tasmanian Government school student.

A copy of the email to stakeholders was also provided to all current DECYP, OER, TRB, TASC, and CCYP.

“This went to 15,277 staff. TasTAFE also communicated with their staff on 10 April.”

Note: According to the TasTAFE annual report, the organisation had 944 staff in 2021/22. The total number of those potentially affected would now stand at 162,231 plus past and present TasTAFE staff.

The government is trying to reach those people by email, letter and phone call.

Minister for Technology, Madeleine Ogilvie, and Rob Williams, deputy secretary of government services. Picture: Amber Wilson
Minister for Technology, Madeleine Ogilvie, and Rob Williams, deputy secretary of government services. Picture: Amber Wilson

WHAT WE DON’T KNOW

* When or if a ransom demand might be made over the remaining data.

* What data GoAnywhere was contracted to handle for the Tasmanian government.

* Whether the data was securely encrypted or not.

* How far back the potentially compromised data may stretch, although it is certainly some years.

* Which other Tasmanian government entities used GoAnywhere.

* Whether any of the information that appears to have been stolen has been used in identity theft or attempted scams.

WHAT YOU CAN DO

The Department of Education Children and Young People says in its latest advisory dated Monday: “Scammers may use your personal information to contact you by phone, text or email. Never click on links or provide personal or financial information to someone who contacts you out of the blue.”

This advice applies to SMS messages, email, web links and telephone calls.

The Tasmanian government is operating a call centre to assist people with concerns about their data: 1800 567 567 between 9am – 6pm. 

If you are concerned that your identity has been compromised or you have been a victim of a scam contact your bank immediately and call IDCARE on 1800 595 160.

IDCARE is Australia’s national identity and cyber support service, to get expert advice from a specialist identity and cyber security service.

Tasmanian government updates are being posted on the DECYP website and to TasAlert.

Australian Government advice: Australian Cyber Security Centre.

Australia and New Zealand’s national identity and cyber support service IDCARE.

Report incidents via ReportCyber or to the Office of the Australian Information Commissioner.

Additional information can be found at Scamwatch, Moneysmart and Stay Smart Online.

24-hour telephone support is available from:

  • Lifeline 13 11 14
  • Beyond Blue 1300 224 636
  • 1800RESPECT 1800 737 732
  • Department of Health – Mental Health Hotline – 1800 332 388
  • Anglicare Tas – 1800 243 232

david.killick@news.com.au

Originally published as Tasmania data breach explainer: How to protect yourself from the Russian data hack

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.news.com.au/national/tasmania/tasmania-data-breach-how-to-protect-yourself-from-the-russian-data-hack/news-story/45ea5fa8ff940d709da999aa0c1534aa