Exclusive: Belmont Christian College investigating ransomware claims
Threat actors have claimed a cyber attack on a NSW Christian school, claiming to have exfiltrated student and employee data.
Belmont Christian College, which is owned by Belmont Baptist Church, is a kindergarten to year 12 Christian school located in the Lake Macquarie area of NSW. In 2024, the school said it had 910 students.
The school was listed on the dark web leak site of the Qilin ransomware gang on 7 August.
You’re out of free articles for this month
“The published data archive contains all internal information about the educational institution, including personal data of students and employees. It also contains data on charitable contributions made to the college’s accounts and all data on the educational institution’s expenses and budget.”
Qilin posted sample images of the data, which contained immunisation history, personal incident records, payment histories from a parent, other payment data, and most notably, a document containing staff information, including names, working with children identifications and roles.
The threat group also suggested that there may have been cases of theft within the school donations, claiming “there are clear discrepancies and gaps in the figures”.
Unusually, Qilin did not list how much data had been exfiltrated, saying that zero files and 0.0 gigabytes of data had been stolen. It also did not publicly set a date for the ransom to be paid.
The college has confirmed it is aware of Qilin’s claims.
“Belmont Christian College is urgently investigating a cyber incident, after becoming aware of an unauthorised third party claiming to have accessed some data from a limited part of our systems,” a spokesperson told Cyber Daily on August 9.
“We are urgently investigating this claim and have engaged leading specialists to investigate the incident. That investigation is ongoing, and we will inform any impacted individuals once we have any relevant and accurate information to share, in line with our obligations.”
Qilin takes its name from a mythical Chinese creature, though members of the operation have been observed conversing in Russian on hacking forums, leading researchers to believe the hackers are based somewhere in the Confederation of Independent States. Qilin is a ransomware-as-a-service operation hiring itself out to any affiliate willing to pass on some of its profits.
The gang was first observed in August 2022 and has since then claimed 482 victims, and its most recent Australian victim was Moonee Ponds-based MKA Accountants, which was listed on the group’s leak site in May.
The gang was also responsible for a devastating attack on the UK-based pathology services provider Synnovis Group, which impacted five London hospitals in June 2024. The attack was declared a critical incident and led to severe disruptions to patient procedures and operations.
UPDATED 09/08/25 to add response from Belmont Christian College.
Daniel Croft
Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
