TAFE hack touches thousands
TAFE SA has experienced a significant data breach compromising the personal information of over 2,000 students.
The breach affected students who enrolled between 2016 and 2021 across all of the organisation's campuses, it revealed this week.
TAFE SA CEO David Coltman confirmed that the breach resulted in the theft of documents used to enrol in courses, including driver's licences, passports, proof of age cards, and tax file numbers.
Although TAFE SA is still investigating how and when the data breach occurred, an internal investigation found that 87 per cent of the accessed documents had expired.
Coltman announced that the organisation has commissioned an external independent forensic analyst to lead a “robust” investigation into the breach.
“Right now, our focus is on supporting our students, and we are committed to finding out how this breach occurred,” he said.
Affected students were notified via email and will receive follow-up phone calls if the email bounces back. TAFE SA will cover the fees for proof of age and passports for those needing new documents.
Coltman expressed regret over the inconvenience this will cause to impacted students, saying; “We are continuing our investigations into how this data left our organisation and we are ensuring we minimise the likelihood of future breaches.”
TAFE SA reportedly became aware of the data breach in March 2022 when South Australia Police informed the organisation that it had discovered copies of the documents on a USB device with the details of 24 students during an unrelated investigation.
TAFE SA was provided with an additional USB containing 3,000 lines of data in November 2022, and a response team was immediately set up to extract the data from the device.
All staff access to the platform containing the details of students has been restricted, and any access will require the CEO's approval.
“This is a very serious matter for us and it is a very serious matter for our students,” Coltman emphasised.
“We have further encrypted all of the data - the student identification data - that we collect from students. That sits now on a separate server.”