Share this article on:
Going back on its statement from just days ago, the Tasmanian government has announced that a range of personal details are at risk following the cyber breach it suffered last week.
Despite Science and Technology Minister Madeleine Ogilvie on Monday (3 April) claiming that government-held data was safe, she announced on Wednesday (5 April) that financial data, including names, addresses, bank account numbers and invoices might have been accessed by the threat actors behind the GoAnywhere breach.
“The latest investigations indicate a risk that financial data from the Department for Education, Children and Young People may have been accessed in the global incident,” said Minister Ogilvie.
“This may include names, addresses, invoices and bank account numbers.
“I stress there is no confirmation such information has been stolen, and reiterate that no Tasmanian government IT systems have been hacked.”
The Tasmanian government, while not hacked directly, was caught up in a recent supply chain attack on third-party cloud service provider GoAnywhere.
The attack affected around 130 businesses, according to the cyber criminal organisation behind the breach, Clop ransomware.
A number of Australian businesses were affected in the breach, including Rio Tinto and Meriton.
“I understand reports such as this may cause concern in the community,” added Minister Ogilvie.
“That’s why we will continue to keep the Tasmanian community updated and advise where support can be accessed.
“It is important that the community is aware of the possible theft so they can be vigilant and, if needed, take practical steps, including staying alert for any suspicious financial activity or attempted scams.
“The government will continue to closely monitor and investigate the situation, and we will act immediately if there are any updates.”
Supply chain attacks such as the GoAnywhere breach are becoming increasingly common and affecting a growing number of Australian businesses.
The consequences of such attacks are dire, affecting a number of institutions rather than just one.
Experts had previously stated that supply chain attacks would present themselves as a major threat to the cyber security landscape in 2023 and going forward.
“With the region’s high reliance on open-source software, organisations are likely to be perceived as prime targets to cyber threats from supply chains,” said LogRhythm chief information security officer Kevin Kirkwood.
“In 2023, we will see bad actors attack APAC’s [Australia and the Asia-Pacific region’s] vulnerabilities in low-hanging open-source vendors with the intention of compromising the global supply chain that utilises third-party code.”