A high profile cybercriminal group has stolen the data of every single student and teacher from Queensland schools in a worldwide security breach and are holding the information for ransom. 

Threat actor group ShinyHunters compromised the names and emails of all past and present individuals ending in ‘@eq.qld.gov.au’ and ‘@qed.gov.au’, dating back to 2020, on Thursday morning. 

The Department of Education immediately started boosting its firewall protections as a result of the cyberattack affecting an estimated 200 million people and more than 9000 institutions globally.  

Queensland Education Minister, John-Paul Langbroek, said school locations were also compromised, but there was ‘no evidence of passwords, dates of birth or financial information accessed’.

‘School principals are in the process of contacting families and teachers to advise them of the breach,’ he said in a statement.

‘The Department of Education is providing priority support to families and teachers with known family and domestic violence, or those known to Child Safety.’

The hackers stole the private details from third-party provider Instructure, which operates Canvas — the cloud-based gateway to the Department of Education’s QLearn system.

The data of every single student and teacher from Queensland schools have been stolen following a worldwide security breach