Student Data Stolen in Victorian Education Dept Hack
▼ Summary
– The Victorian Department of Education disclosed a data breach where attackers accessed a database containing student names, school names, year levels, and school email addresses.
– More sensitive personal data, such as birth dates and home addresses, was not exposed in this incident.
– As a precaution, the department reset all student passwords, blocking account access until new credentials are issued, with priority given to VCE students.
– The department stated there is no current evidence the accessed data has been publicly released or shared with other third parties.
– The breach affected an unspecified number of students within Victoria’s government school system, which serves approximately 650,000 students.
Parents in Victoria, Australia, have been alerted by the state’s Department of Education that an unauthorized party successfully accessed a database containing student information. The breach compromised details including student names, school names, year levels, and school-issued email addresses, along with encrypted passwords for associated accounts. Officials have taken immediate action by resetting all student passwords, temporarily locking accounts until new credentials can be distributed.
According to letters sent to families, the accessed data did not include more sensitive personal records. Birth dates, home addresses, and phone numbers were not exposed in this incident. While investigators have found no evidence that the stolen information has been publicly released or shared, the department is treating the breach with utmost seriousness. All student passwords have been reset as a precaution, meaning students cannot access their school accounts until they receive new login details.
The department has prioritized issuing new passwords to VCE students, with all other students scheduled to receive theirs at the beginning of the upcoming school year. In its communication, the department advised parents to remind their children to exercise caution with unexpected emails, even though protections are in place for student email accounts. The exact number of affected students has not been disclosed, but Victoria’s government school system encompasses roughly 650,000 students across more than 1,500 institutions.
Authorities have identified and addressed the specific vulnerability that allowed the breach to occur. They have assured the public that additional information will be provided as it becomes available and that school principals will receive ongoing updates. A spokesperson for the department emphasized that work is underway with cybersecurity specialists and other government agencies to prevent any disruption to students as the new academic year begins.
Several key details about the breach remain unclear, including when the attackers first gained access to the database, when the intrusion was discovered, and whether any ransom demands were made. The department’s investigation is ongoing. This incident follows another recent education sector breach in Australia, where the University of Sydney reported in December that hackers had stolen files containing personal data of over 27,000 current and former staff and students from an online coding repository.
(Source: Bleeping Computer)
