TAFE South Australia, a vocational education and training institution, has disclosed a data breach after South Australia Police seized “devices containing electronic scanned copies of TAFE SA student identification forms”.
The forms included credentials such as driver’s licenses and passports for enrolments prior to 2021 across all campuses.
A total of 2224 records were breached, and TAFE SA has contacted all those affected.
While the investigation continues, TAFE SA has increased security measures by restricting access to the system that holds the student ID Forms, ensuring access is only provided for business-critical functions. A dedicated team was implemented to extract, analyze and verify the complex data in order to notify impacted students as quickly as possible.
The South Australian government will waive the cost of replacing credentials such as driver’s licenses, learner’s permits, and proof-of-age cards.
TAFE SA will reimburse the cost for those who use their myGOV SA account to replace their credentials. According to the ABC, 87% of the breached credentials had expired.
TAFE SA CEO David Coltman told the ABC that the SA Police first notified it of the breach in March 2022, when SA Police said it had found 24 students’ credentials on a USB that was discovered in a separate investigation, and that further credentials were discovered on another USB in November. The disclosure comes as Australian institutions continue to face cyber attacks, highlighting the need for robust security measures to protect sensitive data.
