Tassie hack detailed
Several Tasmanian government agencies have been affected by a cyber attack.
Tasmania's TAFE system, Teachers Registration Board, and the Commissioner for Children and Young People have been caught up in a data breach from the state’s Department of Education, Children and Young People.
According to reports, hackers gained access to 16,000 documents that were posted online after accessing data from the Department through a third-party file transfer service called GoAnywhere MFT.
The stolen data contained sensitive information about students, including their names, schools, bank account details, and birth dates. Those who were affected were advised to keep an eye on their bank accounts and report any suspicious activity.
However, Tasmania Police Chief Commissioner Donna Adams and Secretary of the Department of Premier and Cabinet Jenny Gale have written a joint letter to members of the Labor Opposition and media outlets, requesting that they refrain from giving any further coverage to the incident to avoid exacerbating the state's susceptibility to cyber attacks.
They suggested that media coverage can increase the risk of cyber threats, stating that cybercriminals function as organised crime and operate on a ransomware business model that generates uncertainty and fear.
“The current media environment is fuelling that business model,” they wrote.
“I would appreciate your cooperation by heeding the same advice and not doing any further media.”
Social media users, including Labor figures and lawyers, have criticised this direction, describing it as “outrageous” and “extraordinary”, and noting that the opposition and the media have a responsibility to keep the government accountable.
Some experts, such as former national cybersecurity adviser to the federal government and chief strategy officer for advisory firm CyberCX, Alastair MacGibbon, agree that caution is necessary when reporting such incidents to avoid amplifying the impact.
However, MacGibbon has also emphasised the importance of the media in educating the public on what to do in the event of a data breach.
“We certainly have seen [hackers] contact journalists, and just like in terrorist situations or in situations of self-harm, there does need to be caution sometimes on how these things are reported,” Mr MacGibbon has told reporters.
“That shouldn't be read as saying the media shouldn't report it.
“The intent of the letter seems to be not about asking questions per se, but the reporting of it and how it could be used by the hacker and thousands of people who might be concerned about their data.”
The breach of GoAnywhere MFT, a US-based third-party file transfer service, was first revealed in March, and Science and Technology Minister Madeleine Ogilvie initially claimed that there was no indication that any government-held data had been compromised.
However, a few days later, it was announced that sensitive information, including names, addresses, and bank account numbers, had indeed been accessed.
Finally, late last week, Ms Ogilvie revealed that the breach involved up to 16,000 documents. The government has since engaged Alastair MacGibbon to provide technical assistance in dealing with the data breach.