Xavier College says stolen student data might be released after hack

The personal information of current and prospective students of Xavier College has been threatened to be published online after a cyberattack, the school says.

The hack took place in June, but the school waited until this week to inform the families after it deemed that the number of people whose information had been stolen was much greater than it first thought.

A hacker who accessed sensitive data at Catholic boys’ school Xavier College is threatening to publicly release the information.Credit:Eddie Jim

The Catholic boys’ college said that when a key administrative staff member was hacked four months ago, it believed just 45 students were exposed, but it confirmed on Tuesday that more than 100 students had sensitive information, including birth certificates, visa applications, parenting arrangements and financial information, stolen.

The college said it initially kept the security breach secret from the wider school community because it had no evidence the stolen data would be misused or publicly disclosed.

“Then, in late October, it came to our attention that an unauthorised third party may disclose details of these mailbox contents,” a school spokesman said.

“The college has now taken steps to re-assess the original data and re-evaluate the risk parameters to consider whether any further individuals have been affected.

“As we did in June, immediate notification to specific individuals is occurring, while our wider school community has also been informed. The college network, learning and database systems remain secure.”

Members of the school community received a warning on Tuesday that their information might have been compromised, with the hacker gaining access to an email account that includes information relating to students’ and families’ finances, admissions, fundraising, scholarships, pastoral care and – for a small cohort of individuals – health information.

Information such as birth certificates can be used to open a line of credit or conduct fraudulent transactions, the school said.

“When the college initially became aware of the incident, we had no evidence to suggest that the contents of the email account would be misused or publicly disclosed,” the letter says.

“Notwithstanding this, in July 2022 we provided precautionary notifications to 45 individuals whose at-risk personal information was located in the email account.

“Based on the recent threat of data disclosure, we have expanded the scope of our assessment to identify whether there was any other information located in the email account that related to our students, staff or broader community.”

Xavier students are not the first to be exposed to a data breach this year.

Early this month, it emerged that technology company PNORS, which works with six different state departments including the Department of Education and Training, had been hacked, potentially exposing the personal data of thousands of students.

The Xavier hack was reported to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre in June, the college said.

The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.

Most Viewed in National

From our partners

Source: Read Full Article