Australia: Sensitive data of over 2,000 TAFE SA students stolen in data breach

Vocational education and training provider TAFE SA is notifying over 2,000 students of a data breach involving information found in their student identification forms.

According to a notice posted today, TAFE SA learned of the breach after South Australian Police (SAPOL) on an unrelated investigation stumbled upon several USBs containing scanned copies of students’ forms.

“These devices were obtained at different times through investigations that were not related to each other and not related to the TAFE SA data breach,” SAPOL explained. “As a result of identifying the link between the devices, SAPOL are continuing to investigate this matter in order to identify the source of the data.”

The Adelaide-based education provider said the breach occurred before December 2021 and that it is now conducting a “robust” investigation into how sensitive information of its students was stolen.

Although the organization can’t provide additional information on how data exfiltration was possible, TAFE SA said they “accurately” identified all students whose data was involved in the breach.

“While TAFE SA’s investigation is continuing, security measures are being increased with access to the system that holds the Student ID Forms being restricted, ensuring access is only provided for business-critical functions,” the data breach notification reads. “Once copies of the breached data were provided to TAFE SA, a dedicated team was implemented to extract, analyse and verify the complex data in order to notify impacted students as quickly as possible.”

In total, 2,224 students enrolled between 2016 and 2021 were the victim of this data breach. Compromised data includes:

• TAFE SA Student ID Number
• Course details
• Full name and date of birth
• Physical address
• Copies of a student’s proof of identity, such as driver's licenses and passports

All students whose data was stolen or compromised in the breach will receive reimbursement for any cost of replacing compromised driver’s licenses, learner’s permits or passports.

In addition, the organization urges students to watch out for attacks on their identity and money. Data breach victims should follow good cyber hygiene practices, including:

• Using complex and unique passwords and enabling multi-factor authentication on accounts
• Monitoring banking and superannuation accounts for any suspicious activity
• Analyzing all unsolicited emails, text messages or calls requesting personal information, credit card numbers, passwords or PINs. Never respond to such requests
• Reporting any suspicious activity to police and other relevant organizations, including their financial provider or bank, the Australian Cyber Security Centre (ACSC) and Scamwatch

How can an identity protection service such as Bitefender Digital Identity Protection help data breach victims?

With Bitdefender Digital Identity Protection, you can instantly check if your data has been leaked in a recent or old data breach. You also see what type of information was exposed and how risky this is for you.

Bitdefender Digital Identity Protection scours the digital world for bits of information and tracks them back to your identity; it also checks for any leaked passwords that may compromise the security of your online accounts and finances. So not only can you see your digital footprint at a glance, but you also get recommended steps to take for each account involved in a data breach.