Overview
- An external third party accessed names, school‑issued email addresses, school names, year levels and encrypted passwords for current and former students, according to the Department of Education.
- The incident affected data across all 1,700 Victorian government schools after attackers breached a school network, though the timing and precise number of affected students remain unconfirmed.
- The department says there is no evidence the accessed data has been released publicly or shared with other parties, and it reports that birth dates, home addresses and phone numbers were not accessed.
- Authorities identified and removed the attack vector, temporarily disabled systems and reset all student passwords, with VCE students prioritized for new credentials and other students to receive them at the start of the school year.
- Parents are being notified and relevant agencies have been engaged, as cybersecurity experts warn of elevated phishing risks and urge families to treat unexpected emails with caution.