2 days ago
2
Sensitive student and staff data compromised in a cyberattack will not be publicly released or shared on the dark web, after the hacked education contractor said it “reached an agreement” with online criminals.
More than five years of data – potentially including names, email addresses and school locations in Queensland – was obtained as part of a breach first reported on May 7.
The records were taken from third-party education technology company Instructure, which the state Education Department uses for its QLearn online learning management system.
In an email seen by this masthead, the company’s chief executive Steve Daly told its customers all data had been returned.
“We reached an agreement with the unauthorised actor involved in this incident,” he said.
“As part of that agreement, the data was returned to us, we received assurances that it will not be further shared on the dark web or elsewhere, and we received proof that any copies of that data were deleted.
“Further, we have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.”
He added risks remained, but the company had done everything it could to protect its customers: “There is never complete certainty when dealing with cyber criminals.”
The Deputy Director-General of Digital Innovation at the Department of Education, Darrin Bond, confirmed in a message to staff that QLearn was on track to be restored by Wednesday, May 13.
“Whilst we have received assurances from Instructure, the department will continue to strengthen its cybersecurity mechanisms within QLearn and other systems to provide additional protections for both your data and the department’s systems,” he said in the email.
Instructure owns Canvas, a learning management system also used by multiple Queensland universities, including Queensland University of Technology, Griffith University, and University of the Sunshine Coast.
Start the day with a summary of the day’s most important and interesting stories, analysis and insights. Sign up for our Morning Edition newsletter.
