Thousands of school families could be caught up in a terrifying cyber attack on a tech group used by state government departments.
PNORS Technology Group, an enterprise used by the Department of Education and Training in Victoria, has been the latest victim of hackers.
The Age reported on Sunday morning that data from a Victorian school entrance health questionnaire was among the information accessed and stolen during a breach.
The questionnaire included very personal information about students, including developmental and behavioural issues, family alcohol or drug problems, and demographics.
The questionnaire was received by the families of all students who’ve started in Victorian primary schools.
PNORS chief executive Paul Gallo told The Sunday Age the extent of the breach is currently being investigated, but cybersecurity experts believed the hack was limited to encrypted systems.
“However, overnight the criminals behind the cyberattack released to the company in a private communication a sample of what is believed to be stolen data,” Mr Gallo said.
“When we were informed about the cyberattack, we immediately shut down and isolated all our internal systems and took further measures to secure our network and data, along with pausing all data processing.”
Another source told The Age it is currently still unclear exactly which data has been stolen.
PNORS reportedly detected the breach on Thursday after it impacted two of its businesses, Datatime and Netway.
“The company immediately activated an incident response which included notifying affected clients, engaging external cybersecurity experts to assist in dealing with the issue,” Mr Gallo told The Age.
A spokesperson from the Department of Premier and Cabinet told NCA NewsWire the Victorian Government was aware of the cyber incident, and protecting Victorian data was their highest priority.
“We are continuing to provide support to PNORS Technology Group to determine the extent of the information breach and to prevent further incidents,” the spokesperson said.
“The Victorian Government’s Cyber Incident Response Service have been notified and are taking appropriate action.
“If it is determined that Victorian Government data has been exposed as a result of this breach, departments will notify impacted individuals and provide advice on steps they can take to minimise any risk.”
Kilvington Grammar School in Melbourne has notified families of students of the data breach, and warned some personal information had already been published.
“Kilvington Grammar confirms it has experienced a data incident involving unauthorised access to some of its online systems,” they revealed in a statement.
They said the school’s primary database had not been accessed, but some third party information had been released.
“The team has undertaken a forensic investigation to establish the nature of this data and we have notified and provided support to affected parties.”