All Victorian government schools and their students are impacted by the breach of a Department of Education database that has forced a mass password reset before the start of the new school year.
The department has confirmed the incident to iTnews, which has also seen incident notifications from at least one school.
The database of students, both current and past, is understood to have been accessed by a third-party through a school’s network.
It’s not clear how the attacker was able to exploit the initial point of access to view the extensive database.
It’s also not clear when the incident actually occurred, with the department undertaking containment and some forensics before today’s notifications.
A school incident notification states that the database contained “student name, school-issued email address and encrypted password (for those that use them), school name [and] year level.”
The incident notification further states that “all student passwords have been reset” and that students will receive the new access credentials on their first day back at school.
It adds that “there is no evidence to suggest that the data accessed has been released publicly or shared with other third parties.”
A Victorian Department of Education spokesperson said that it had “identified the point of the breach and have put safeguards in place, including the temporary disabling of systems to ensure no further data is able to be accessed.”
“Now, we're working with cyber experts, other government agencies and communicating with our schools to ensure this does not disrupt students when they start the 2026 school year,” the spokesperson said.
_(22).jpg&h=140&w=231&c=1&s=0)
_(23).jpg&h=140&w=231&c=1&s=0)
_(28).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
