Financial data including names, addresses, invoices and bank account numbers may have been accessed in the cyber security breach affecting the Tasmanian government, the state's minister of technology says.
At a press conference on Monday, Science and Technology Minister Madeleine Ogilvie said it appeared no government-held data had been compromised in the hack of a file sharing site, by the ransomware group Cl0p.
But on Wednesday, Ms Ogilvie said the investigations had found there was a risk financial data, held by the Department for Education, Children and Young People, had been accessed — but added there was "no confirmation such information has been stolen" and reiterated "no Tasmanian government IT systems have been hacked".
"I understand reports such as this may cause concern in the community," she said.
"That's why we will continue to keep the Tasmanian community updated and advise where support can be accessed."
An email has been drafted for the parents of Tasmanian students, which states:
What we know:
• This software is used by the Department for Education, Children and Young People;
• At this stage, there is no proof that anything has been stolen;
• Early investigations indicate that there is a risk that financial data from the Department for Education, Children and Young People may have been compromised;
• The financial data may include names, addresses, invoices and bank account numbers.
It's important the Tasmanian community is aware of the possible theft. Please be vigilant and, if needed, take practical steps including staying alert for any suspicious financial activity or attempted scams. The Tasmania government continues to closely monitor the situation. Updates will be provided as they become available.
When asked whether the hackers had made contact with the Tasmanian government, Ms Ogilvie said the investigation was being handled by the Australian Cyber Security Centre.
She advised Tasmanians to regularly check their bank accounts and said if they had any concerns to contact their financial provider or the Australian Cyber Security Centre.
The government announced there had been a security breach on Friday, March 31, but provided few details.
Crown Resorts and Rio Tinto were also targeted in the hack.
Ms Ogilvie conceded she had known about the breach for almost a week but the threat was "only assessed as credible on Friday [March 31]".
At the time, the minister said no government-held data had appeared to have been compromised, but added the investigation was "ongoing".
The Opposition's shadow minister for ICT, Science and Technology Jen Butler said the Minister had shown "incompetence and contempt" for Tasmanians in her handling of the cyber security breach and called on her to resign.
"Tasmania has the worst performing cyber security protection in the country and this breach of our personal data is wholly due to the Minister's negligence," Ms Butler said.