Marist College Ashgrove hacked by international cyber criminals
Personal information, potentially including driver’s licence details, of more than 3000 former employees has been exposed by a cyber attack on a Brisbane private school.
Education
Don't miss out on the headlines from Education. Followed categories will be added to My News.
An international cybercrime group is believed to be behind a data breach at a Brisbane private school which potentially compromised personal information of more than 3000 ex-staff.
Marist College Ashgrove confirmed its servers had been breached in a September cyber attack which had put the data of 3200 former staff at risk.
Principal Michael Newman told staff over email last month that the breach gave the hackers access to personal information including names, superannuation account numbers, contact and address details.
He said drivers licence details were potentially compromised.
Mr Newman said the college engaged in an independent cyber incident response team which included cyber security and forensic IT experts to investigate the attack and restore the servers.
“Investigations have since established that the perpetrators were an overseas-based cybercrime group known to target Australian educational institutions,” Mr Newman told The Courier-Mail on Monday.
“Investigations are ongoing but the indication at this stage is that the scope of the breach is far more confined than initially feared.”
Mr Newman said the school was able to restore and safeguard its IT “environment” quickly.
He said the investigations were yet to determine how the cyber criminals hacked into the school servers.
“It is widely accepted that even the most secure environments can potentially be infiltrated through something simple as a phishing email sent to a group of people in the hope that just one person clicks on a link,” he said.
“Under the guidance of our cyber incident response experts, we are continuing to work closely with the authorities and we remain committed to taking all measures and precautions to mitigate any potential risks befalling any affected individual.”
Mr Newman said the incident was reported to authorities including Queensland and Federal police and the Australian Cyber Security Centre.
A Queensland Police Service spokeswoman said it was investigating an alleged data breach incident at a Queensland school.
In an email to former staff on October 13, Mr Newman said the school’s financial information was encrypted and “masked” from the servers.
Mr Newman said the school had continued to invest into services, tools and resources to guard against the risk of the data being used or distributed.
A former Marist staff member contacted The Courier-Mail claiming some of the victims had been targeted by scammers.
“Why was all of the data not encrypted? Especially license numbers,” the ex-Marist employee said.
“It is disgusting that teachers should be having their details stolen like this. Why do schools even keep this sort of information and why was it not secure?”
Mr Newman had apologised to the impacted staff through emails and “unreservedly” apologised to the school community.
He said the data breach caused “little to no disruption” in allowing students to return to school.
More Coverage
Elite private school to open new Queensland campus
A well-known private school with three campuses in southeast Queensland will expand with a brand new college to be built west of Ipswich.
‘Mental torture’: Dozens of Qld university jobs on the line
Dozens of jobs could be cut at a major Brisbane university following shock revelations that roles in UniSQ and JCU will be slashed in cost-cutting measures.