Australian schools, universities left scrambling after personal data of students compromised in massive breach
A major cybersecurity breach has compromised the personal data of tens of thousands of Australian students across schools and universities – leaving institutions scrambling.
Schools, colleges and universities across Australia have been left scrambling after a major hacking scandal compromised sensitive data belonging to millions of students worldwide.
Education resource provider Instructure, which serves many Aussie schools, recently fell victim to a cybersecurity breach, which saw hackers claim to have obtained the personal data of more than 200 million people worldwide.
It has left education ministers fearing for the families of students and teachers with known family and domestic violence – as well as those known to child safety authorities.
Sign up to The Nightly's newsletters.
Get the first look at the digital newspaper, curated daily stories and breaking headlines delivered to your inbox.
By continuing you agree to our Terms and Privacy Policy.It is not clear how many Australian institutions have been impacted by the scandal, but it has left education leaders on red alert.
Instructure is a multinational company which provides several resources to education institutions worldwide, including QLearn, which is the Department of Education’s online learning platform in Queensland.
In a statement on Thursday, John-Paul Langbroek, Queensland’s Education Minister, said: “This incident has impacted thousands of educational institutions, including state schools and universities within Queensland, across Australia, and overseas, and early advice is this will impact more than 200 million people and more than 9,000 institutions worldwide.
“Early advice is students and staff working or studying at Education Queensland schools since 2020, when the former government introduced the online systems, have been affected.
“Advice at this stage is names, email addresses and school locations have been compromised in the international data breach.”
Mr Langbroek added that he believed there to be no evidence of passwords, dates of birth, or financial information being accessed.
He added: “School principals are in the process of contacting families and teachers to advise them of the breach.
“The Department of Education is providing priority support to families and teachers with known family and domestic violence, or those known to Child Safety.”
It remains clear just how many sites in Australia have been affected, however, Queensland is not the only state impacted.
Instructure is also the parent company behind Canvas, an education platform which is used widely across Australia.
A spokesman for Flinders University in Adelaide told ABC that staff and student data held on the Canvas platform “may have been impacted”.
Tasmania’s Technical and Further Education Institution also confirmed that it had been notified that a “criminal third party” had accessed its data – as did a spokesman for the University of Melbourne.
Instructure has been approached for comment.
In an update posted on its website, the company claimed the matter was resolved.
A post published on Wednesday reads: “Canvas is fully operational, and we are not seeing any ongoing unauthorised activity.
“This will be our final update via this status page for this incident.”
In a statement published over the weekend, the firm’s chief information security officer, Steve Proud, wrote: “While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses and student ID numbers, as well as messages among users.
“At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved.”
