A major privacy breach has rocked thousands of schools and universities across Australia, resulting in private and sensitive data of millions of teachers and students being leaked.
The cybersecurity breach involved third-party provider Instructure, which delivers online learning platforms — including Canvas and QLearn — to schools and universities across Australia.
Queensland’s Education Minister John-Paul Langbroek said the data breach also involved international institutions.
Know the news with the 7NEWS app: Download today
“This incident has impacted thousands of educational institutions, including state schools and universities within Queensland, across Australia and overseas, and early advice is this will impact more than 200 million people and more than 9,000 institutions worldwide,” he said.
Langbroek said early advice suggested both students and staff working or studying through Education Queensland and using QLearn have been affected by the breach. The former government introduced the online system in 2020.
“Advice at this stage is names, email addresses and school locations have been compromised in the international data breach,” Langbroek said.
“(There is) no evidence of passwords, dates of birth or financial information being accessed in the data breach.”
Langbroek said school principals were in the process of contacting families and teachers to advise them of the breach.
“The Department of Education is providing priority support to families and teachers with known family and domestic violence, or those known to Child Safety,” he said.
“The Department of Education will continue to update Queenslanders as further information is available.”
Universities also affected
University of Technology Sydney (UTS) deputy vice-chancellor Kylie Readman said the institution was seeking clarification if its students’ information had been leaked.
“We are working with the vendor, Instructure, to confirm whether UTS data has been compromised as part of this incident and to fully understand potential impacts if a breach has occurred,” she said.
“We are also working with relevant Australian authorities.”
On Monday, Royal Melbourne Institute of Technology (RMIT) also said it may have been impacted.
“RMIT has been notified of a cyber incident impacting the Canvas learning management system,” it said.
“Canvas is a learning platform used by many universities across the world, including RMIT.
“We are working with the vendor to confirm if RMIT data has been involved and understand any impacts as a result of this breach.”
TasTAFE in Tasmania also reported a data breach in a statement on Thursday.
“Instructure took immediate action to address the incident and has engaged external cyber security and forensic specialists,” the statement read.
“On May 6, Instructure advised that a criminal third party has accessed data associated with some customer accounts, including TasTAFE.
“This incident relates to Instructure’s systems and was not the result of a breach of TasTAFE’s own systems or processes. Investigations commenced immediately and are ongoing. “
The TAFE said, based on current advice, the data involved in the breach may include some personal information, including content stored within Canvas such as messages.
“At this stage, Instructure has not provided TasTAFE with information identifying specific individuals affected,” it said.
“There is no indication that passwords, dates of birth, government identifiers, or financial information were involved.”
Western Sydney University and Flinders University in Adelaide have also reportedly been impacted by the data breach, with dozens more universities which use Canvas yet to confirm any cybersecurity breaches.
More to come …
