Tasmania's government confirmed that its VETtrak vocational student management system, operated by ReadyTech, was targeted in a cyber attack. The platform is utilized by multiple state agencies, including the Department for Education, Children and Young People, the fire services, and the health department. Initially, there was no evidence of sensitive student data being accessed. However, on October 24, ReadyTech disclosed that a small number of documents containing personal information from the platform had been published by malicious actors, indicating a data leak. The incident was reported to the Australian Federal Police (AFP), the Australian National Office of Cyber Security, and other relevant agencies.The Tasmanian Department of Premier and Cabinet issued a warning that cybercriminals might exploit the stolen data for fraudulent activities, urging vigilance and reporting of suspicious behavior. While the breach appears limited in scope, the exposure of personal information even in small quantities poses risks of identity theft, phishing, or financial fraud. ReadyTech emphasized compliance with government guidance, discouraging access to the leaked data to avoid fueling cybercriminal operations. The attack disrupted administrative functions across critical state services, though no large-scale operational outages were reported.
TPRM report: https://www.rankiteo.com/company/councilwise-pty
"id": "cou2162121102925",
"linkid": "councilwise-pty",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Public Administration',
'location': 'Tasmania, Australia',
'name': 'Tasmanian Government',
'type': 'Government'},
{'industry': 'Education Technology',
'location': 'Australia',
'name': 'ReadyTech',
'type': 'Private Company (Third-Party Supplier)'},
{'customers_affected': 'Students (potential exposure of '
'personal information)',
'industry': 'Education',
'location': 'Tasmania, Australia',
'name': 'Department for Education, Children and Young '
'People (Tasmania)',
'type': 'Government Agency'},
{'industry': 'Public Safety',
'location': 'Tasmania, Australia',
'name': 'Tasmania Fire and Emergency Services',
'type': 'Government Agency'},
{'industry': 'Healthcare',
'location': 'Tasmania, Australia',
'name': 'Tasmania Health Department',
'type': 'Government Agency'}],
'customer_advisories': 'Public advised to report suspicious activity and '
'avoid engaging with leaked data.',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'Small number of documents',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate (personal information, but '
'no evidence of sensitive student data '
'accessed initially)',
'type_of_data_compromised': ['Personal Information']},
'date_detected': '2023-10-17',
'date_publicly_disclosed': '2023-10-17',
'description': "Tasmania's government confirmed that its VETtrak vocational "
'student management system, used by several state agencies '
'(Department for Education, Children and Young People, fire '
'and emergency services, and health department), was hit by a '
'cyber attack. The platform, developed by third-party supplier '
'ReadyTech, was first reported to the ASX on October 17. While '
'no evidence initially suggested sensitive student data was '
'accessed, ReadyTech later disclosed on October 24 that a '
'small number of documents containing personal information had '
'been published online. The incident was reported to the '
'Australian Federal Police (AFP), and the company warned '
'against accessing the leaked data to avoid fueling '
'cybercriminal activity. Authorities cautioned about potential '
'fraud risks stemming from the stolen data.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure and fraud risks',
'data_compromised': ['Personal Information (limited documents)'],
'identity_theft_risk': 'High (malicious actors may use stolen data '
'for fraud)',
'systems_affected': ['VETtrak vocational student management '
'system']},
'investigation_status': 'Ongoing (reported to Australian Federal Police and '
'cybersecurity authorities)',
'ransomware': {'data_exfiltration': True},
'recommendations': ['Monitor for suspicious activity related to exposed '
'personal information',
'Avoid accessing or sharing leaked data to prevent '
'further exploitation by cybercriminals'],
'references': [{'source': 'ReadyTech ASX Announcement (October 17, 2023)'},
{'source': 'ReadyTech ASX Update (October 24, 2023)'},
{'source': 'Tasmanian Department of Premier and Cabinet '
'Advisory'}],
'regulatory_compliance': {'regulatory_notifications': ['Australian National '
'Office of Cyber '
'Security',
'Relevant government '
'agencies']},
'response': {'communication_strategy': 'Public disclosure via ASX and '
'government advisories; warnings '
'against accessing leaked data; '
'encouragement to report suspicious '
'activity.',
'incident_response_plan_activated': True,
'law_enforcement_notified': True},
'stakeholder_advisories': 'Government agencies and affected entities warned '
'about potential fraud risks from stolen data.',
'title': "Cyber Attack on Tasmania's VETtrak Vocational Student Management "
'System',
'type': ['Cyber Attack', 'Data Breach']}