North Metropolitan TAFE
| Primary URL | Location | Industry | www[.]northmetrotafe[.]wa[.]edu[.]au |
Country
Australia
|
Education
|
|---|
Profile
West Australian TAFE, also known as North Metropolitan TAFE, is a public vocational education and training provider based in Western Australia. The institute delivers certificate and diploma courses across various industries, serving students and employers within the region. Its core function is to provide practical skills and qualifications that support workforce development, operating as part of the state's Technical and Further Education system. The organization manages sensitive personal information for its student and staff populations, a responsibility underscored by a significant data breach in 2017 that compromised records for over 13,000 students. This incident indicates a substantial student body, though exact total enrollment figures are not provided. The institute's activities are situated within the Australian public education sector, where it contributes to national vocational training objectives.
The organization's recent history is notably marked by a cybersecurity incident on August 28, 2017, when an attacker gained unauthorized remote access to its IT systems. This breach exposed sensitive personal details including names, addresses, encrypted passwords, and IP addresses of students and an unspecified number of staff, though current login credentials and financial data were not accessed. The attack was characterized as unsophisticated and occurred amid prior governmental audits that had identified systemic security weaknesses such as easily guessable passwords, unpatched systems, and unencrypted backups. In response, the institute immediately shut down affected systems and engaged both police and an internal government review. Subsequent security scans across other regional institutions found no further compromises, suggesting the incident was isolated. This event highlights the operational challenges faced by public educational bodies in maintaining robust cybersecurity postures, particularly within environments where legacy system vulnerabilities have been previously documented.