The Department of Primary Industries and Regional Development (DPIRD), which oversees the Tocal College Student database, has reported a serious cybersecurity incident involving the Loki ransomware. The breach was detected on September 16, 2024, prompting the department to immediately shut down access to the database and remove it from its systems. DPIRD has notified the NSW Police, the NSW Privacy Commissioner, Cyber NSW, and the Australian Cyber Security Centre to ensure a coordinated response to the breach.
A forensic investigation was initiated to determine the extent of the breach and identify the vulnerabilities that allowed unauthorized access. The investigation revealed that the threat actor had access to the database from September 13 to September 16, 2024, during which time personal information stored within the database may have been exposed. Fortunately, the investigation indicated that although approximately 1 GB of data was observed leaving the network, there was no substantial data exfiltration. The primary aim of the malicious activity appeared to be encryption rather than theft.
The types of personal information potentially compromised in the breach include names, dates of birth, addresses, email addresses, phone numbers, and other identifying information such as citizenship and disability status. Importantly, payment details and account passwords were not compromised, which may offer some reassurance to affected individuals. Despite this, the exposure of such sensitive data poses significant risks to the privacy and security of the students associated with Tocal College.
In response to the breach, DPIRD has advised current and former students from 2019 to 2024 to remain vigilant regarding unsolicited requests for personal information, such as dates of birth and residential addresses. They are also urged to change their online passwords regularly and monitor their financial accounts for any unusual activity. The department is committed to enhancing its cybersecurity measures to prevent future incidents and is providing resources for individuals seeking to protect their personal information following this breach.