An educational institution says the personal data of some of its students has been compromised, following a cybersecurity attack on an international learning management system.
A security breach of the cloud-based Canvas learning management system, developed by American company Instructure, occurred on Saturday, May 2 (Australian time).
It is used by schools, universities and vocational education facilities across the world, including Australia, to deliver and manage learning for students and staff.
Sydney, Melbourne, Adelaide, Tasmanian educational institutions assessing breach
In a statement, University of Technology Sydney (UTS) deputy vice-chancellor Kylie Readman said the university was working with Instructure to confirm whether data had been compromised and to “fully understand potential impacts”.
A University of Sydney spokesperson said they were also still working to assess if any of their community’s personal data had been compromised.
“If a breach of personal data has occurred, we will notify affected individuals and work closely with the National Office of Cybersecurity to manage the impact of the incident,” they said.
“The university is one of approximately 9,000 educational institutions worldwide that is potentially impacted.”
A University of Melbourne spokeswoman said they had been notified of the cyber incident.
“We take the protection and management of personal information seriously and are working with the vendor to confirm and respond to any impacts,”
they said.
A spokesperson for Flinders University in Adelaide said it had been informed that student and staff data within the Canvas platform “may have been impacted”.
Tasmania’s Technical and Further Education Institute (TasTAFE) said in a statement that it had been notified by Canvas’ parent company, Instructure, that a “criminal third party” had accessed their data.
“Based on current advice, the data involved may include some personal information, including content stored within Canvas such as messages,” they said.
“There is no indication that passwords, dates of birth, government identifiers, or financial information were involved.
“This incident relates to Instructure’s systems and was not the result of a breach of TasTAFE’s own systems or processes.”
TasTAFE says there is no indication passwords or financial information were taken in the cyber attack. (ABC News)
Ross Smith, the acting secretary of Tasmania’s Department for Education, Children and Young People (DECYP) said the department has not been informed if any Tasmanian public school data has been obtained.
“Should any sensitive or personal information be affected, DECYP will work with Instructure to manage harm and ensure that those affected are notified as soon as possible and offered assistance and support as required,” Mr Smith said.
Both TasTAFE and DECYP said Instructure had engaged external cybersecurity specialists to investigate the incident, and that Canvas was still operational for both entities.
On Monday, RMIT said it was working to confirm if any of its data had been involved.
“Canvas is operating as normal and we’ll provide further information on this page if there are any impacts to students,”
they said.
Instructure has been contacted for comment.
Click Here For The Original Source.
