Queensland TAFE suffers security breach, student data accessed


news The Queensland Government says is working with security experts to assess a security breach of the TAFE Queensland and Department of Education and Training websites in which students’ details have been exposed.

According to a statement from Queensland Government Chief Information Officer Andrew Mills released this week, the investigation follows receipt of an email threat from an unknown source.

The government has assessed the threat as “credible but low-level”, he said, and has put in protective measures to strengthen security protocols.

The government has also commissioned cyber security experts, and notified federal and state police agencies, and the Australian Cyber Security Centre, he added.

Mills said initial investigations have confirmed that information was “illegally accessed and relates to enquiries and feedback data submitted online” and stressed that no financial data such as credit card information or bank details was accessed in the breach.

While the government will not be providing specific details of the information accessed “for security reasons”, ABC Online said that thousands of students had personal details exposed in the breach, including names and addresses.

In Parliament, Attorney-General Yvette D’ath said the details taken could “otherwise be found on other public websites, such as the White Pages”.

Opposition Leader Lawrence Springborg asked that the government reveal further details of the breach, saying, “Now, it’s not good enough … to stand in here and to say ‘it’s all been done and dusted, it’s OK it’s just gone away’.”

“We remain committed to the highest online security protocols required to safeguard our information and Queenslanders can be assured that we are committed to fully investigating this illegal act,” said Mills in his statement.

Image credit: Joshua Davis


  1. Ah, they can be assured of that, can they? Well that’s OK then.

    Seriously, until senior mangers can be found criminally liable for inadequate planning, design and due diligence to secure their sites and portals *nothing* is going to change. It’s cheaper to not do good security and hope you aren’t breached, and even if you are there’s still no personal or professional liability for, well, anyone. It is the customers and public who wear the damage, so if there’s no legislation to protect them, they will have no meaningful, collective voice.

Comments are closed.