Massive Cyber Breach Affects Queensland Schools via QLearn Platform

Severity: High (Score: 68.0)

Sources: Thesenior.Au, Thecyberexpress, Brisbanetimes.Au

Summary

A significant cybersecurity breach involving Instructure has compromised personal information of students and staff in Queensland schools and universities. The incident, confirmed by Education Minister John-Paul Langbroek, affects over 200 million individuals and more than 9,000 educational institutions globally. Compromised data includes names, email addresses, and school locations, but there is no evidence of passwords, dates of birth, or financial information being accessed. The breach impacts those who have used the QLearn platform since its introduction in 2020. Authorities are prioritizing notifications to families and teachers with known vulnerabilities, such as those involved in domestic violence. The breach highlights ongoing cybersecurity risks in the education sector as reliance on third-party digital platforms increases. Instructure, the provider of the QLearn platform, is under scrutiny as multiple institutions assess the extent of the breach. Key Points: • Over 200 million individuals and 9,000 institutions affected by the breach. • Compromised data includes names, email addresses, and school locations. • No evidence of sensitive information like passwords or financial data being accessed.

Key Entities

• Data Breach (attack_type)
• Phishing (attack_type)
• Australian Associated Press (company)
• Department Of Education (company)
• Education Department (company)
• Education Queensland (company)
• Flinders University (company)
• Australia (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• T1566 - Phishing (mitre_attack)
• Canvas (tool)
• QLearn (platform)