Overview
- Education authorities say an external third party accessed a department database via a school network, affecting data for current and former students across the state system.
- All student passwords have been reset and access to school accounts is blocked until new credentials are issued, with VCE students prioritized for reissue.
- Accessed fields include names, school-issued email addresses, school names and year levels, while dates of birth, home addresses, phone numbers and staff details were not compromised.
- The exact number affected remains unclear, with reporting suggesting the pool could exceed one million past and present students, and schools are notifying families.
- Cyber experts warn the data could fuel long-term phishing and social engineering, OVIC is engaging under privacy law, Compass Education says it was not compromised, and the opposition is pressing for clearer figures and explanations.