Queensland TAFE student data exposed in hack

The personal records of thousands of students have been exposed, due to a cyber attack that hit TAFE Queensland's database, with the security breach impacting the Department of Education and Training website as well.
Written by Asha Barbaschow, Contributor

TAFE Queensland has experienced a breach that has seen the personal details of thousands of the state's TAFE students exposed.

Queensland Attorney General Yvette D'Ath insists, however, the cyber attack did not uncover anything that wouldn't be available in a phone book. D'Ath played down the IT system hack on Tuesday morning and said the breach did not uncover sensitive information such as financials or credit card details.

"[We're] confident that the information available that has been hacked is very low level information in the majority of cases," D'Ath said. "In that this information is information that would be otherwise found on other public websites such as the White Pages and so forth."

However, D'Ath said for security reasons, the government would not confirm exactly what information had been hacked.

Opposition education spokesman Tim Mander said the government needed to clearly outline what information had been hacked.

"I've even heard reports the department didn't find out about this breach until they received a random demand from the hackers," Mander said. "I'm assuming they asked for something so the information wouldn't be released."

Mander said it indicated the information obtained was of some value.

Queensland government chief information officer Andrew Mills said the "low level" security breach impacted the websites of TAFE Queensland and the Department of Education and Training.

"The Queensland government has immediately enacted protective measures to further strengthen its security protocols and my office is overseeing this work," Mills said.

"The government has also commissioned cyber security experts, and notified federal and state police agencies, as well as the Australian Cyber Security Centre."

The Queensland Police Service (QPS) issued a statement on Tuesday morning that said it is working with other relevant law enforcement and government agencies regarding the illegal access of an IT database from TAFE Queensland.

"The illegal activity follows a number of recent cyber attacks on other agencies across the country," the statement said.

Last week, the QPS issued a statement via the Cyber Security Crime Group, warning Queenslanders of an increase in scams, in particular Malware-based attacks, urging businesses and individuals to keep on their guard.

"In the last month we have noticed a dramatic increase in not only the number of scams circulating, but the sophisticated nature of these scams. We are concerned and need to ensure the community is taking every possible step to prevent this from happening to them," acting Detective Superintendent Terry Lawrence of the Fraud and Cyber Crime Group said.

"The theft of personal and business data will continue. Whether these thefts be aimed at the individual or at larger organisations as part of strategic ransomware attacks, these crimes are highly profitable for criminals and will, without question, continue to rise."

According to the QPS, recent attacks it has seen include malware and ransomware attacks, as well as phishing and other hacking methods to perform document theft. It also said cyber attacks on business and government agencies have occurred recently.

The QPS told ZDNet it was unable to confirm the agencies due to privacy reasons.

Updated on November 10, 4.25pm AEST: Added comment from opposition education spokesman Tim Mander.

With AAP

Editorial standards