Sergiu Gatlan reports:
The Department of Education in Victoria, Australia, notified parents that attackers accessed a database containing the personal information and email addresses of current and former students, prompting password resets.
The department disclosed the breach in letters sent to parents, stating that an unauthorized third party accessed students’ names, school names, year levels, and school-issued email addresses, as well as encrypted passwords for accounts that use them.
However, it said that more sensitive data, such as birth dates, home addresses, or phone numbers, were not exposed in the incident.
Although authorities investigating the breach have yet to find evidence suggesting the accessed data has been released publicly or shared with other parties, the department has reset all student passwords as a precautionary measure, blocking students’ access to school accounts until new credentials are issued.
Read more at BleepingComputer.