Law students and education providers are being impacted by an international cyber security breach involving a third-party provider, Instructure.
The Queensland Government has today released a statement about the incident saying it “has impacted thousands of educational institutions, including state schools and universities within Queensland, across Australia and overseas, and early advice is this will impact more than 200 million people and more than 9000 institutions worldwide”.
Education Minister John-Paul Langbroek said: “Advice at this stage is names, email addresses and school locations have been compromised in the international data breach. No evidence of passwords, dates of birth or financial information being accessed in the data breach.
“The Department of Education is providing priority support to families and teachers with known family and domestic violence, or those known to Child Safety.”
College of Law Group Chief Executive Officer Marcus Martin has also written to students advising the incident has affected Canvas, the learning management system used to deliver courses and programs. Canvas is operated by Instructure.
“Instructure has advised that an incident occurred within its systems, and while our own systems were not breached, some student data held within Canvas has been accessed,” he said in the letter.
“Based on information provided by Instructure, this may include names, email addresses, student identification numbers and messages exchanged within Canvas.
“In the event that you have voluntarily uploaded a photo, biography, LinkedIn ID etc. to personalise your Canvas profile, this information may also be included.
“Other personal information such as passwords, dates of birth, government identifiers or financial information are not stored in Canvas by the College.”
Mr Martin said the college remained committed to safeguarding the security and integrity of its data.
“We will continue to monitor updates from Instructure and will share further information as it becomes available.”
The Queensland Law Society has also been advised by Instructure, the provider of Canvas, of a recent security incident which has now been contained and resolved. Canvas is used by QLS to support the delivery of the Practice Management Course, Specialist Accreditation program and some self-paced CPD courses.
Based on information provided, there is no evidence that sensitive data was compromised.
As a precaution, members are encouraged to remain alert to unexpected emails and to maintain good security practices, including using strong passwords and using caution when interacting with links.
QLS is continuing to monitor the situation and will keep members informed regarding any developments.
