Private school students’ personal data proves prime target for hackers
Hackers gained access to the credit card details of about 400 parents at Mount Lilydale Mercy College, a Catholic school in Melbourne’s outer east, last year.
Loading
Hackers also released 16,000 Tasmanian education department documents on the dark web including school children’s personal information in 2023, while Newcastle Grammar School reported a major ransomware attack in 2021.
Air Marshal Darren Goldie, the country’s first national cybersecurity co-ordinator, said last year that schools were becoming “more prominent targets” for ransomware attacks.
“If you consider the profile of a school, they are the same exact size of a successful medium-sized business, with a couple of thousand individuals all carrying personal devices with personal information connected to a school network,” he said.
“Unfortunately, these are the targets that cybercriminals can attack easily and demand a ransom.”
Many schools were also “small enough not to have full time cybersecurity teams and generally don’t have the resources for a 24/7 threat response partner”, he said.
Independent Schools Australia, the peak private schools body, was contacted for comment.
The ASD received 87,000 reports of cybercrime over the past financial year and responded to 121 ransomware incidents, up 3 per cent on the previous 12 months.
“Ransomware and data theft extortion impose a perverse, costly and highly disruptive threat to businesses and individuals,” Bradshaw said.
The report said that malicious cybercriminals had adjusted their ransomware tactics to include stealing sensitive data.
They then extort payments from victims in return for the recovery of the encrypted data.
The ASD strongly advises against paying ransomware demands because it encourages further attacks and does not guarantee that victims’ data will not be sold or leaked online.
Loading
The average cost of cybercrime rose to $49,600 per report, up 8 per cent on the previous year.
The federal government has introduced legislation into parliament to mandate minimum cybersecurity standards for smart devices and introduce mandatory ransomware reporting for certain businesses to report ransom payments.
Cut through the noise of federal politics with news, views and expert analysis. Subscribers can sign up to our weekly Inside Politics newsletter.