Major cyber attack exposes private details of students and school staff

By EducationHQ News Team
Published 3 hours, 2 minutes ago

Personal information of Queensland public school students and teachers has been compromised in a massive global data breach affecting millions.

At this stage, names, email addresses and school locations are believed to have been compromised.

Queensland Education Minister John-Paul Langbroek on Thursday confirmed there had been a “cybersecurity incident" involving Instructure, the third-party provider that delivers the Department of Education's QLearn platform.

The breach has hit thousands of educational institutions, including state schools and universities in Queensland, across Australia and overseas, and more than 9,000 institutions globally.

“Early advice is students and staff working or studying at Education Queensland schools since 2020, when the former government introduced the online system, have been affected,” Langbroek said in a statement.

At this stage, names, email addresses and school locations are believed to have been compromised.

“There is no evidence of passwords, dates of birth or financial information being accessed in the data breach,” Langbroek said.

School principals are contacting families and teachers to advise them of the incident.

The department is providing priority support to families and teachers with known family and domestic violence concerns, or those known to Child Safety.

The Department of Education would continue to update Queenslanders as further information became available, Langbroek said.

The concerns in Queensland come after the University of Technology Sydney said Canvas - a learning management system used by several Australian universities that's supplied by Instructure - was impacted globally by a “cyber incident”.

Canvas is widely used to deliver and manage learning for students and staff.

A University of Technology Sydney spokesperson said they were working to assess the impact of the cyber incident, although Canvas was still working as normal.

“We are working with the vendor, Instructure, to confirm whether UTS data has been compromised as part of this incident and to fully understand potential impacts if a breach has occurred,” a spokesperson said on Wednesday.

RMIT University, which has campuses across Melbourne, confirmed on Monday it had been notified of a cyber incident impacting the Canvas learning management system.

South Australia's Flinders University said that student and staff data held within the Canvas platform may have been impacted.

“We are seeking further information to understand the nature and extent of this and are monitoring the situation closely," a spokesperson said.

“In addition to taking precautionary steps to minimise any potential impact, Flinders University notified our students and staff earlier this week and has provided further updates."

AAP