Data breach fears grow as suspected ransom note appears
Australian universities and schools have been put on high alert after a software program was taken offline following a cybersecurity attack.
The security breach of the cloud-based Canvas learning management system operated by US company Instructure first occurred on May 2, affecting thousands of schools, universities and businesses around the world.
On Friday the system went offline at many universities, and some students, including those at the University of Sydney, reported receiving a ransom message sent through the platform.
“ShinyHunters breached Infrastructure (again),” the message, seen by AAP, read.
“Instead of contacting us to resolve it, they ignored us and did some ‘security patches’,” he said.
The University of Sydney said Canvas had experienced a global outage since 6am on Friday after Instructure put it into “maintenance mode”.
“We are one of approximately 9,000 organizations worldwide affected by this outage and are still awaiting clear advice from Instructure,” he said in a statement on Friday afternoon.
It acknowledged there were outages to students and staff and advised them not to attempt to log in to the service until further updates were made.
The University of Melbourne was also affected by the outage and extended application deadlines over the weekend.
It is unknown whether any personal information was leaked in the cyber attack; The system is widely used to deliver and manage learning for students and staff.
South Australia’s Flinders University, RMIT in Melbourne, Tasmania’s Institute of Technical and Further Education and the University of Technology Sydney are all affected.
On Thursday, Queensland education minister John-Paul Langbroek said the education department had been notified of a breach involving Instructure, which offers the QLearn programme.
“Our advice at this stage is that names, email addresses and school locations are not compromised in an international data breach,” he said.
“There is no evidence that passwords, dates of birth or financial information were accessed in the data breach.”
Instructure confirmed the incident in a post on its status website over the weekend.
“Education recently experienced a cybersecurity incident perpetrated by a criminal threat actor,” chief information security officer Steve Proud wrote.
“We are actively investigating this incident with the assistance of outside forensic experts.”
The next day, it wrote that the incident was under control and added that further updates would be shared directly with customers later.
National Cybersecurity Coordinator Michelle McGuinness confirmed the incident in a post on LinkedIn on Friday.
“My team is working closely with state and territory governments and peak education institutions to collectively address the impacts arising from this incident,” Ms McGuinness said.
He added that there was no indication that personal identification documents or financial information were affected, but the full impact was not yet clear.
“Anyone affected by a cyber incident should maintain high awareness of potential fraudulent activity,” he said.
Australia’s Associated Press is the beating heart of Australian news. AAP is Australia’s only independent national news channel and has been providing accurate, reliable and fast-paced news content to the media industry, government and corporate sector for 85 years. We inform Australia.
