The latest target of cybercriminals.
Photo: SMKI

Are your children protected at school?

QLD EDUCATION BREACH

Thousands of QLD teachers and students have been affected by a major international data breach involving the online learning platform Canvas, prompting renewed scrutiny of cybersecurity practices across the education sector.

The breach emerged in May after cybercriminals gained access to data held by Instructure, the United States-based company that operates Canvas, one of the world’s most widely used learning management systems.

In Queensland, the platform underpins QLearn – the Department of Education’s digital learning environment used by state schools.

Authorities have said that personal information including names, email addresses, school affiliations, and some student identification details may have been compromised.

While officials stressed there is no evidence that passwords, financial information, or government-issued identifiers (Digital ID) were accessed, concerns remain over the potential exposure of messages and communications exchanged through the platform.

The incident forms part of a broader cyberattack that affected educational institutions across several countries. The hacking group ShinyHunters has been linked to the breach, which has reignited debate about the vulnerability of schools and universities to sophisticated threats.

Education Minister John-Paul Langbroek described the incident as “deeply concerning” and said the Queensland government was working with affected schools to assess the impact.

Families and staff members have been notified, while support has been offered to vulnerable individuals, including those connected to child protection and domestic violence.

Cybersecurity experts have characterised the incident as a “significant supply-chain attack”, arguing that it demonstrates the risks associated with the education sector’s growing reliance on a small number of cloud-based technology providers.

Rather than targeting individual schools, attackers were able to gain access through a central platform used by thousands of institutions. Analysts say this highlights how a single weakness within a widely adopted service can have far-reaching consequences.

Reports suggest the attackers initially gained access through Canvas’ “Free For Teacher” environment, leading some to question whether stronger separation should have existed between lower-security services and systems supporting major educational organisations.

Privacy advocates have focused on the potential sensitivity of information stored within learning platforms. For many observers, the possibility that such information could be accessed by unauthorised parties is among the most troubling aspects of the incident.

Critics argue that the consequences of educational data breaches extend beyond conventional concerns about identity theft, particularly when minors are involved.

The breach also causes disruption for students and teachers who rely on digital platforms for coursework, assessments, and communication – it has become an entangled web.

Another aspect of the incident that has attracted attention is the platform’s reported agreement with the attackers, under which the company received assurances that ‘stolen data had been deleted’.

While some say negotiations may help prevent the publication of sensitive information, others question whether any guarantees can be considered reliable.

The incident has inevitably drawn comparisons with other high-profile Australian data breaches in recent years, including those affecting Optus and Medibank.

Commentators have argued that organisations collecting large volumes of personal information must face greater accountability for safeguarding that data.

The Canvas breach serves as a reminder that schools and universities now hold vast quantities of sensitive personal information and should be regarded as critical custodians.

The full impact of the breach may not be known for some time, and calls are growing for stronger cybersecurity standards, enhanced oversight of technology providers, and greater protection for students whose information is increasingly stored online.

Not only are Australians becoming increasingly subjected to identity-storing applications and systems, but they have no idea of the tools their children are using in school.

CHILDREN TARGETED

The digital realm has become one of the biggest avenues of criminal activity, as the world becomes increasingly more dependent and entrenched in online systems.

A total of 890 data serious breaches were reported to OAIC across 2022 alone, in an unprecedented year that saw millions of Australians impacted by cybercrime.

Hundreds of data breaches reported to commissioner in 2022
RELATED ARTICLE

As technology completely takes over classrooms these days, individuals should be rightly concerned over just what information is being collected, and who this is being shared with.

In 2017, we first reported that children as young as five would have their fingerprints scanned at school as part of a controversial new biometric student attendance record-keeping program being introduced in South Australia.

The system, suspended by the previous government due to privacy concerns, allowed students at to register attendance by placing their finger on a pad.

Australian school introduces biometric identification
RELATED ARTICLE

Speaking of fingerprinting, more recently in 2022, a Sydney high school made the decision to install fingerprint scanners at the entrance to toilets to ‘stop vandalism’.

Sydney high school installs fingerprint scanners in toilets
RELATED ARTICLE

The controversial move was blasted by privacy experts as “unreasonable and disproportionate”, and highlights the continued push towards dystopia.

If it’s not physical biometrics, it is student data that is being harvested.

One investigation revealed more than 4 million Australian school students were put at risk of unprecedented tracking and surveillance during COVID remote learning periods.

Millions of Australian school students tracked during lockdown remote learning
RELATED ARTICLE

This includes universities, where through the use of “proctoring platforms”, institutes use a combination of human and AI monitoring to keep an eye on student conduct during exams.

Online surveillance of university students grows
RELATED ARTICLE

Last year, it was revealed that biometric data of NSW school students was being collected by Microsoft Teams – with the Education Department not realising the issue “for weeks”.

Concerns as NSW Education ‘not aware’ of student biometric tracking for weeks
RELATED ARTICLE

Not only do these platforms collect this “behavioural data”, but they are also attempting to morph the psychology and social structure of the students themselves.

One classroom application ranks students based on behaviours – allowing teachers to “automate the task of recording classroom conduct” by monitoring and storing data.

Classroom Apps Rank Students on ‘Set Behaviours’
RELATED ARTICLE

Many have suspected that the constant and invasive expansion of this technology, along with the apps that promote and normalise this type of behaviour, is edging students closer towards normalisation of a Western-style ‘Social Credit System’.

China’s ‘Social Credit System’ Will Soon Reach Australia
RELATED FEATURE

This isn’t even including the cultural marxist indoctrination that is happening in schools right across Australia, either. A topic that is equally as concerning.

It is no wonder that more parents are choosing to keep their children outside of the education system these days, opting instead for home-based schooling alternatives.

The Rise of Home Education in Australia
RELATED FEATURE

The days of textbooks are gone, and now digital screens and computers are the primary learning tool in schools across the country.

Most parents would be shocked to know what type of data is being collected in these institutions, and only discover such a thing when their child’s data has been breached.

Teachers are also targets, having to adopt these systems as a requirement from the Department of Education – with no chance to do things the ‘old school’ way.

I suspect this won’t be the last time we see stories like this emerge moving forward.