They have asked MPs to stop talking about the hack, have asked the media to limit reporting, and say government updates will be curtailed.

Ransomware group Cl0P has accessed sensitive information of via a massive breach of data transfer service GoAnywhere.

About 16,000 Department of Education, Children and Youth documents have been released on the dark web by Russia-linked hackers, including sensitive financial information of students and their parents or caregivers.

In their letter to MPs, DPAC chief Jenny Gale and Commissioner Donna Adams asked them to stop talking to the media about the hack.

They note the State Emergency Management Committee has been activated and the event has been assessed at Level Two under the state’s emergency management arrangements.

There will be no updates from the government unless there is “another data drop or there is a significant event”.

“The security advice is that continual coverage beyond informing Tasmanians when there is a release of data can increase the cyber risk to Tasmania and none of us want to be responsible for that,” the letter to MPs said.

“I would appreciate your co-operation by heeding the same advice and not doing any further media.”

In their letter to media organisations, Ms Gale and Ms Adams say there is a “very real risk that the attacker may use the current attention as a signal to start a new phase of the attack or increase their efforts.

“Based on national security advice and best practice noted above, we have advised the government to only provide public comment or do media if there is a significant event to inform the community,” they wrote.

“We’d strongly encourage a united approach. The security advice is that continual coverage beyond informing Tasmanians when there is a release of data, can increase the cyber risk to Tasmania.”

“The current media environment is fuelling that business model and potentially putting the Tasmanian community at further risk.

“The media coverage of this event is detrimental to Tasmania’s interests and increases its attractiveness as a target for future attacks.”

National criminal justice spokesman for the Australian Lawyers Alliance Greg Barns said the directive was “deeply troubling”.

“It is imperative that executive government be scrutinised at all times, particularly in the way it deals with privacy issues and the data of its citizens,” he said.

“The most effective ways of doing that is through media and political scrutiny — and to suggest otherwise is effectively ensuring that we get no improvement in security.

“It’s also sending a message that people who are critical of government when it comes to cyber security are somehow responsible for putting the community at risk, which is palpable nonsense.

“The way you put the community at risk is by hiding from scrutiny.”

Opposition requests last week for a briefing on the attack were rejected by the government. Briefings have now been offered, although the Mercury understands the public servant who would conduct the briefing is on leave.

Greens leader Cassy O’Connor said her party would not be commenting until after they received a briefing.

‘The Greens will be respecting the advice we’ve received about this significant data breach, and not make public comment on the matter at this stage,” she said.

“We’ve got a series of questions about this situation which we’ll be asking in our upcoming briefing with DPAC and the State Controller.”

david.killick@news.com.au

More Coverage

Tasmania ‘not out of the woods’ in global data breach crisis

Judy Augustine, Amber Wilson and David Killick

'Going without’: Community faces one year with no doctor

Hayden Cornes