ReadyTech October 2025 VETtrak Notice

Notification

On the 16th of October 2025, SMYL was made aware of a cybersecurity incident involving ReadyTech, the provider of the VETtrak trainee records management system. This incident has had an impact on many organisations and their clients.

ReadyTech has advised SMYL that, based on their current investigation, data relating to SMYL trainees was not impacted in this breach.

Given that SMYL stored historic training records in VETtrak, to meet regulatory compliance obligations, we are making this notice available in the interest of transparency and to keep our community fully informed.

What happened?

ReadyTech, a widely used third-party provider in the VET sector, detected unauthorised access to their systems. This resulted in the publication of documents containing some personal information.

What you should know?

ReadyTech immediately isolated the affected systems and engaged external cybersecurity experts to ensure the breach was dealt with quickly and effectively.

Authorities have been notified, and they have contacted training organisations, such as SMYL, so that we are aware. We are actively monitoring the situation and working closely with ReadyTech to understand the full scope and impact.

Are my records impacted?

As of the 3rd of November 2025, ReadyTech has informed SMYL that no SMYL data was involved in this breach. Therefore, at least as far as your training records with SMYL are concerned, it is unlikely your data was involved.

General advice

As general advice following any incident, we recommend you remain vigilant for any signs of identity theft or misuse of your personal information. Please keep an eye out for unfamiliar transactions on your bank or credit card statements, unexpected bills or credit enquiries, or notifications about password resets or logins from unknown locations. Be cautious of phishing emails or scams that may reference this incident or your training records.

Further information

You may choose to follow ReadyTech’s information relating this cyber security incident, here: https://status.vettrak.com.au/incidents/ft0rcxnlr5xf.

GENERAL ACTIONS TO CONSIDER IF YOU HAVE BEEN INVOLVED IN A DATA BREACH

The following actions are provided as general advice for individuals who may have been affected by a data breach. Please note, specific steps may vary depending on the nature of the breach and personal circumstances.

Remain vigilant for suspicious communications: Be cautious of emails, calls, or messages requesting sensitive information or urging immediate action. Scammers may use information gained from breaches to attempt phishing or social engineering attacks.
Change passwords immediately: Update your passwords for any accounts that may have been compromised, especially if you use the same password across multiple accounts. Consider using unique, strong passwords for each account and enable multi-factor authentication where available.
Monitor your accounts regularly: Keep an eye on bank statements, online accounts, and credit reports for any unauthorised activity or unfamiliar transactions. Report any suspicious activity to your provider as soon as possible.
Contact relevant organisations: Notify your bank, credit union, or any affected service providers if you believe your financial or personal information has been compromised. They may be able to place additional security measures on your accounts.
Access support services: If the breach causes distress or you need further guidance, consider contacting support services such as IDCARE (www.idcare.org), which specialises in identity and cyber support for Australians.
Stay informed: Follow any updates or guidance issued by the organisation involved in the breach. They may provide specific instructions or resources tailored to your situation.
Update security settings: Review and strengthen security settings on your devices and online accounts to reduce future risk.
Consider credit monitoring or a ban: If financial details have been exposed, you may wish to request a credit report or consider placing a temporary ban on your credit file to prevent new accounts being fraudulently opened in your name.

Remember, these are general steps and may not cover all circumstances. If you are unsure how to proceed, seek professional advice relevant to your situation.

FREQUENTLY ASKED QUESTIONS

Frequently Asked Questions for Trainees Impacted by the Incident

What information may have been exposed in this incident?
- At this stage, ReadyTech has confirmed no SMYL data is included. This notice is provided purely as a precaution to make you aware of the potential risk. If any data is later discovered to be involved, it may relate to training activities carried out between 2009 and 2019.
What should I do immediately if I think my details are compromised?
- Change your passwords, especially for accounts using similar credentials, and enable multi-factor authentication where possible. Notify your bank or any relevant service providers and monitor your accounts for unusual activity.
How do I know if my accounts have been accessed without my permission?
- Review recent account activity for unfamiliar logins, password changes, or transactions. If you notice anything suspicious, contact the provider immediately and consider placing additional security measures on your accounts.
Should I be worried about identity theft?
- While not all data breaches lead to identity theft, it’s important to remain vigilant. Consider contacting IDCARE (www.idcare.org) or a similar organisation for support and advice. You can also request a credit report or place a temporary credit ban for added protection.
Who can I contact for help or more information?
- You can reach out to IDCARE (www.idcare.org) for identity and cyber support, or consult the organisation involved in the breach for guidance. Your bank or credit union may also provide assistance with securing your accounts.
Will this incident affect my training or course data?
- Absolutely not. Training data in this system is from some time ago and already registered with government and industry bodies.