Schools, universities and other educational institutions across Victoria have been caught up in an international cyber hack in which criminals are holding sensitive information to ransom.
Hackers accessed Canvas, a popular off-the-shelf educational management and communications system, which is used by about 9000 institutions globally.
Canvas’ operators say the hackers – who are calling themselves ShinyHunters – may be in possession of “identifying information”, including names, email addresses and student ID numbers, as well as messages between teachers, students and parents.
The University of Melbourne told students and staff on Thursday that Canvas advised the institution some of its data has been involved in this breach, while RMIT University said it was still working with Canvas to determine if any of its data had been stolen.
Parents at Melbourne Grammar were also told on Thursday afternoon that it been advised of the hack. The top private school sought to reassure families that it did not believe any student data had been stolen.
The hackers are reportedly claiming to have stolen 3.65 terabytes of data – including billions of private messages sent between students and teachers – and are demanding an undisclosed ransom from Canvas’ parent company, Instructure.
It was not clear on Thursday how many institutions across the state have been impacted by the mass hack.
The Victorian Department of Education, whose 1570 public schools use a different management system called Compass, has not indicated whether any of its institutions have been affected.
The Melbourne Archdiocese Catholic Schools group was also assessing if any of its schools’ data had been compromised.
Australia’s National Cybersecurity Co-ordinator, Michelle McGuinness, confirmed in a LinkedIn post that the hack had occurred, and advised families to be on the lookout for suspicious emails and other online communications.
Has your school been hit by the Canvas hack?
noel.towell@theage.com.au
bridie.smith@nine.com.au
“If you think you may be impacted by this breach, the best way you can protect yourself is to not respond to unsolicited contact,” McGuinness wrote.
“Criminals use personal information from data breaches to trick victims into revealing further information that can be used to access your accounts elsewhere, including with financial institutions.”
Melbourne Grammar headmaster Phil Grutzner said the school believed the data of families with children at the school had not been accessed, but urged online caution.
“If your data has been accessed, phishing is the most likely consequence,” Grutzner wrote.
The Canvas breach comes on the back of an unprecedented cyberattack in January in which the data of thousands of Victorian students was exposed, and students’ names and addresses held by the Victorian Department of Education were accessed by a third party through a school network.
Last year, data belonging to families and graduates of Scotch College was also exposed after the private school’s IT system was hacked.
Cybersecurity and compliance company ProofPoint said educational institutions were highly attractive targets for cyber criminals because they held large amounts of personally identifiable information on students, staff, and alumni.
Despite the increase in attacks, most of Australia’s top schools and universities are still not securing their email communications to industry-approved standards, according to ProofPoint senior director Steve Moros, citing research earlier this year by his company.
More to come
Bridie Smith is an education reporter at The Age. A former desk editor, she has also reported on science and consumer affairs.Connect via X, Facebook or email.From our partners
Disclaimer : This story is auto aggregated by a computer programme and has not been created or edited by DOWNTHENEWS. Publisher: www.smh.com.au
