The Queensland government has admitted records compromised by a hack on TAFE and Department of Education websites included sensitive personal information, including complaints of sexual assault dating back to 2013.
The concession comes despite Skills Minister Yvette D’Ath assuring parliament earlier this week that the accessed records were no more sensitive than what might be available “on other public websites like the White Pages”.
On Tuesday, government chief information officer Andrew Mills confirmed hackers had successfully infiltrated the websites of Queensland TAFE and the Department of Education and accessed data submitted via online feedback and enquiry forms.
The government discovered the intrusion when it was emailed an anonymous threat in relation to the stolen information.
This week, Education Minister Kate Jones and D’Ath have kept quiet about what information was accessed, citing police concerns about the ongoing threat posed by the hack and the integrity of the investigation into the incident.
However, with revelations about sensitive data making it into the hands of members of the public, including opposition MPs, Jones said she had been given a green light by Police Commissioner Ian Stewart to confirm some more details.
“As there has been an unauthorised disclosure of information today, he has approved the release of the following: in relation to the Department of Education and Training, more than 600 records dating back to 2013 were accessed illegally," she said yesterday.
“However, in relation to records deemed to be of a more sensitive nature, the department has contacted 16 people to alert them to this cyber crime. I can confirm that all of these matters dating back to 2013 were dealt with appropriately at the time."
She also said the “unauthorised disclosure” of the content of the compromised information had been referred to the crime and corruption commission by the Department of Education director-general.
“The unauthorised release of this information is deeply concerning and has been provided publicly against the consistent advice of the Queensland Police Service and the Queensland Government chief information officer,” she said.
The hacking has been reported to the Queensland Police, the Australian Federal Police and the Australian Cyber Security Centre.