The Tasmanian government said around 16,000 financial invoices and statements issued by the department of education had been lost and leaked in its exposure to the GoAnywhere breach.
Minister for science and technology Madeleine Ogilvie said the documents included “information relating to student assistance applications, and may include names and addresses.”
“We knew this was a very real risk,” she said in a statement on Friday last week.
In a separate advisory, the department of education, children and young people - DECYP - said the documents were both "current and historical".
They also pertain to a number of entities: DECYP said "interactions" with the Teachers Registration Board (TRB), Office of the Education Registrar, Office of Tasmanian Assessment, Standards and Certification (TASC), Commissioner for Children and Young People, Government Education and Training International (GETI), Libraries Tasmania) and TasTAFE, could all be impacted.
The range of data leaked included names, addresses, school name, DECYP reference number, child's name, homeroom, year group, and - for TasTAFE only - the learner's date of birth.
The department apologised and urged parents to "remain vigilant and if needed, take practical steps including staying alert for any suspicious financial activity or attempted scams."
The government disclosed its exposure to the breach of third-party file transfer service GoAnywhere MFT a week ago, and later said financial data from the department of education may have been stolen.
The statement on Friday confirmed the extent of data that had been stolen and leaked.
A day later, the government said it had not seen additional leaks of information, but that it is continuing to monitor the situation.
It has now brought in CyberCX to “assist with investigations".
“We continue to urge people to stay alert for any suspicious financial activity or attempted scams,” Ogilvie said.
“We will act immediately if there are any updates, and will keep the community informed at every step.”
A call centre for victims is operating that is contactable on 1800 567 567 between 9am – 6pm.
DECYP said victims seeking immediate support could phone Lifeline (13 11 14) or Beyond Blue (1300 224 636).
