Departmental Release

Tocal College data breach

Published:
4 November 2024
Released by:
ID Support NSW

The Department of Primary Industries and Regional Development (DPIRD), which administers the Tocal College Student database, was the victim of a cyber security incident. The type of incident was identified as a ransomware case specifically called Loki ransomware. 

What happened

The department became aware of the incident on 16 September 2024 and immediately shut down access to the database and removed the database from its system. The NSW Police, NSW Privacy Commissioner, Cyber NSW and the Australian Cyber Security Centre have been notified.

The department engaged the services of a cyber security forensics firm to conduct a forensic investigation to identify the root cause and to prevent recurrence. The investigation found that:

  • the threat actor had access to the database from 13 September 2024 until 16 September 2024
  • personal information stored within the database was accessible to the threat actor during this time
  • the threat actor did not access any files or folders while running the ransomware. However, approximately 1GB data was seen leaving the network. The forensic investigator assessed that due to the duration of the connection and the amount of data seen leaving the network, that no substantial data exfiltration occurred

  • the forensic investigation concluded that the malicious activity undertaken by the threat actor was performed for the purposes of encryption rather than to exfiltrate or access the data. 

     

What was accessed

The types of personal information that may have been disclosed during this incident include:

  • name
  • date of birth
  • gender
  • citizenship
  • address
  • email
  • phone
  • identity document used for registration on the Tocal database
  • language spoken at home
  • disability status
  • Aboriginal and Torres Strait Islander status.

Payment details and account passwords have not been compromised. 

 

What the agency is doing

People who studied with the Tocal College during 2019-2024 will be directly notified of the incident.

Read the official The Department of Primary Industries and Regional Development (DPIRD) official breach notification.

Fact sheets containing further information are available from the Information and Privacy Commission

 

What an affected individual can do

  • If you believe your information has been misused as a result of this incident, report this to ReportCyber at cyber.gov.au.
  • Be alert to scams and suspicious emails and telephone calls from people requesting your personal details, (especially things like your date of birth, residential address, driver’s licence numbers, email address, username and passwords which are often used to verify your identity). Do not click links or open attachments unless you can be certain they are authentic. 
  • Don’t share your password or give remote access to your computer or other device and change and update online passwords regularly.
  • As a precaution you can contact credit reporting organisations like Equifax, illion or Experian to confirm if your identity has been used to obtain credit without your knowledge, or to request a short-term credit ban be put in place
  • Be suspicious if anyone contacts you and claims to be from Tocal College or a government agency. They may get in touch with you about this breach via email, letter, phone call, or text message. 

More advice on protecting yourself online is available at: Protect your personal information and privacy 

 

Get support

ID Support NSW is a free government support service for all people in NSW to help individuals restore and protect their identity documents and personal information.

If you believe your personal information has been stolen, used, breached, or accessed without your knowledge or consent, or anyone impacted by this unfortunate event, contact ID Support NSW.

  • Call us on 1800 001 040 Monday to Friday, between 9am and 5pm

Your review rights

The NSW Information and Privacy Commission has more information about making a complaint as well as your review rights. If you believe your personal information has been impacted by this incident and you want to request an internal review you can email us at gipa@dpird.nsw.gov.au.

Related Departmental Releases

Departmental Release
2 May 2023
Dr Felix Chan data breach
In May 2023, IT systems operated by Dr Felix Chan were subject to a cyberattack. These systems stored patient care records. While this cyber security incident has not impacted NSW Government systems, ID Support NSW is notifying patients on behalf of Dr Chan.
Departmental Release
31 March 2023
Tasmanian Government data breach
ID Support NSW is working in partnership with the Tasmanian Government to notify individuals affected by the possible theft of data from a third-party file transfer service used by the Department of Education, Children and Young People (DECYP). 
Departmental Release
15 March 2023
Latitude Financial data breach
Latitude Financial was subject to a cyberattack in March that resulted in the theft of personal information. The theft affects customers, past customers, and applicants across Australia and New Zealand. What does this mean for me? Latitude Financial has contacted affected customers, past customers, and applicants to let them know what personal information of theirs was compromised and what support we are providing. To date, we have notified affected individuals with an email address on file, and we are in the process of contacting other individuals by letter. Customers who have had their NSW driver licence details exposed in the Latitude Financial data breach are encouraged to contact us at ID Support NSW for free support and advice on replacing their card and safeguarding other and related identifying documents. We can help.  We can help you restore and protect your identity. Call  ID Support NSW  on  1800 001 040   9am to 5pm, Monday to Friday, or opt for our easy  online call back form . 

See all departmental releases

Download as PDFPrint this page
Top of page