惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Last Watchdog
The Last Watchdog
博客园_首页
Martin Fowler
Martin Fowler
S
SegmentFault 最新的问题
美团技术团队
小众软件
小众软件
V
V2EX
博客园 - Franky
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
The GitHub Blog
The GitHub Blog
Microsoft Security Blog
Microsoft Security Blog
Attack and Defense Labs
Attack and Defense Labs
S
Security Affairs
Simon Willison's Weblog
Simon Willison's Weblog
I
Intezer
T
The Exploit Database - CXSecurity.com
有赞技术团队
有赞技术团队
S
Schneier on Security
人人都是产品经理
人人都是产品经理
Security Archives - TechRepublic
Security Archives - TechRepublic
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
K
Kaspersky official blog
PCI Perspectives
PCI Perspectives
AI
AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
罗磊的独立博客
O
OpenAI News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
The Register - Security
The Register - Security
V
Vulnerabilities – Threatpost
GbyAI
GbyAI
博客园 - 【当耐特】
C
Cisco Blogs
大猫的无限游戏
大猫的无限游戏
Help Net Security
Help Net Security
Google DeepMind News
Google DeepMind News
S
Securelist
Application and Cybersecurity Blog
Application and Cybersecurity Blog
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
雷峰网
雷峰网
L
LangChain Blog
SecWiki News
SecWiki News
博客园 - 叶小钗
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V2EX - 技术
V2EX - 技术
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
J
Java Code Geeks
L
LINUX DO - 热门话题
Cisco Talos Blog
Cisco Talos Blog

Cyber Daily News

Aussie schools breach: The Instructure hack “transcends an isolated IT incident” Exclusive: Aussie car part importer Strategic Imports allegedly breached by threat actors Australian Cyber Security Centre warns of ClickFix campaign leveraging Australian infrastructure OpenAI partners with PwC to assist CFOs with AI agents Queensland Department of Education confirms students & staff impacted by ShinyHunters data breach ACMA takes action against SpinTel & Yomojo over mobile number fraud violations The Industry Speaks, Part 1: World Password Day 2026 Qualys and Converge tie cyber insurance pricing to real-time security posture Fakeout: Iranian APT caught hiding behind Chaos ransomware activity Exclusive: Australian energy management firm allegedly breached by SafePay APRA warns of cyber and governance risk due to lagging AI risk management Op-Ed: Australia’s next budget must treat cyber resilience as essential infrastructure Real estate giant Cushman & Wakefield confirms cyber incident, Qilin and ShinyHunters claim attack CrowdStrike expands Project QuiltWorks as more partners join AI security coalition Hacked: ALS discloses cyber incident, unauthorised access to IT systems Microsoft the main target of AI phishing attacks, report uncovers Attackers increasingly turning to trusted security tools to compromise Aussie victims Exclusive: Champion Homes confirms customer data compromised in “cyber event” Australia, Japan commit to partnership to meet cyber security challenges & strengthen cyber defences NSW Treasury cyber incident contained, impact no longer ‘significant’ Report: AI-based data incidents on the rise in Australia WA rental scam surge: Tenants targeted with fake $500 discount trap Aussie Information Commissioner launches Privacy Awareness Week 2026 Unregistered branded text messages to be labelled ‘Unverified’ from 1 July US Federal Reserve outlines AI's influence on the finance sector Exclusive: Major Australian jewellery brand confirms cyber incident Australian government establishes new Cyber Incident Review Board Watch this! Komari server monitor tool abused by hackers Act Now! ACSC warns of active exploitation of cPanel & WHM critical vulnerability Exclusive: Kiwi electrical contractor confirms cyber attack Over 1 in 2 firms have AI privacy concerns: Intuit Exclusive: Prime Properties listed as breach victim by M3rx ransomware Anthropic launches dedicated Claude Security platform to public beta DigiCert launches AI Trust architecture to secure agents, models, and content ‘Rebuilding the enterprise’: How CEOs are preparing for automation Op-Ed: Redefining performance in the AI-powered SOC Ukrainian official advocates for artificial intelligence, autonomous drones for battlefield deployment NZ council cyber attack leads to ID and financial data being exposed ‘Building confidence’: The key to effective AI implementation Vect unveiled: Inside an emerging ransomware group’s affiliate network Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims US Department of War launches cyber-focused apprenticeship program CrowdStrike launches Project QuiltWorks to tackle skyrocketing AI-discovered vulnerabilities Australian government stands up new ‘tripartite forum’ to tackle AI challenges in the workforce Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce Report: Aussie small businesses doing it tough as job scams double, losses rise Cyber attacks on medical devices pose ‘significant’ impact on real-life patient care Twisted Firestarter! Aussie, US, and UK cyber agencies warn of Cisco malware campaign Generation Life informs customers of “cyber incident” as owner shares incident with ASX CBA launches new scam-finding AI agent Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations ANZ appoints its first chief AI officer Westpac appoints Chief AI Innovation Officer as part of technology push ADF strengthens skills as Cyber Command marks 2 years of operation Sri Lankan government hack sees $3.7m destined for Australia stolen Outsiders are already accessing Anthropic’s new AI model, but is Claude Mythos really that powerful? CrowdStrike extends cloud threat detection to Google Cloud Hey big spender! Microsoft to invest $25bn in Australian AI infrastructure AI adoption highest for finance and property SMEs, says NAB Genetec marks Sydney milestone with visit by high commissioner of Canada to Australia Rental platform under fire for collecting excessive personal data Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims Q&A: Quantum cryptography will be a “Y2k times 10 problem,” says DigiCert CEO PentenAmio announces acquisition of Armour Communications Exclusive: Aussie passports compromised in alleged Favelle Favco data breach Cutting edge: Anthropic’s Claude Mythos preview is a ‘double-edged sword’, expert says Treasury staffer charged for NSW government data breach Op-Ed: AI won’t patch the holes in your SOC AI is helping young investors get into the property market Australia’s financial regulators are keeping a close eye on Mythos Game on! More than a third of FIFA World Cup 2026 partners expose Aussies to email fraud risk Dark web markets: A complete Aussie identity costs as little as $200 Your next car may be designed by AI Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group Report: Data collection by school-backed apps in Australia is out of control and a risk to kids Kinetic IT appoints Kishore Jayaram in new chief transformation officer role Anthropic launches Claude Opus 4.7 as researchers reveal fake Claude installer spreading malware Australian Federal Court embraces AI in new practice note FOI docs reveal information commissioner’s concerns over Age Assurance Technology Trial Mortgage fraud now harder to detect thanks to AI McGraw Hill confirms ShinyHunters breach, won’t confirm if any Aussie customers impacted Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway Op-Ed: Australia inspired the EU’s online age restrictions, now it’s time for us to learn from them National Defence Strategy 2026: Spending on military cyber capability to reach at least $15bn Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware Anthropic co-founder confirms Trump admin was informed about Mythos AI model European Commission’s new age verification app removes privacy risk of third-party data collection Op-Ed: ASIO has broken its silence on cyber crime, and you should listen Too-hard basket: NIST to scale back CVE updates as vulnerabilities soar OpenAI launches GPT 5.4-Cyber in response to Anthropic Glasswing CHROs must lead the AI transformation, AI CEO says Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities Latitude Financial faces $3.96m fine over spam law breaches Kid stuff: Roblox to introduce safety improvements following Aus government warnings ADF joins international military exercise focused on cyber resilience and multi-domain operations WASTED! GTA developer Rockstar Games confirms hack as ShinyHunters demands ‘pay or leak’ Exclusive: Gunra ransomware lists Eric Davis Dental as breach victim Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom US Treasury launches intelligence-sharing initiative with crypto companies Citigroup says AI speeds up new account openings
New South Wales, other states, investigating Instructure/Canvas data breach
david.hollin · 2026-05-07 · via Cyber Daily News

Education departments across the country are responding to a major breach at a third-party cloud education platform; expert warns: “third-party risk can no longer be treated as a procurement or compliance exercise”.

The New South Wales Department of Education is investigating the impact of a third-party data breach that has already compromised school students and staff in Queensland.

“The department is aware of the publicly reported data breach affecting Instructure's Canvas platform,” a department spokesman told Cyber Daily.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

“The department is working with Instructure to establish if any NSW schools have been impacted and the nature of any data involved.

“Schools using the departmental sign-on do not have their passwords stored with Canvas, so there is no risk of credential exposure in those cases.”

Cyber Daily understands that many schools in NSW procure the Canvas platform directly from Instructure, while the Department has said any schools impacted by the breach will be supported.

The Queensland Education Minister confirmed today, May 7, that Education Queensland schools were impacted by the Instructure incident, which first came to light late last week.

“Advice at this stage is names, email addresses, and school locations have been compromised in the international data breach. No evidence of passwords, dates of birth, or financial information being accessed in the data breach,” John-Paul Langbroek said earlier today.

“School principals are in the process of contacting families and teachers to advise them of the breach.”

The ShinyHunters cyber extortion group is behind the incident and is claiming to have compromised millions of students and staff globally, and thousands of schools. In total, the hackers claim to have stolen more than 3.6 terabytes of data.

National response

Lieutenant General Michelle McGuinness, Australia’s National Cyber Security Coordinator, said in a post to LinkedIn that she was actively working to establish the scope of the breach.

"We are in the early stages of assessing the impacts, and I will share further updates as we gain a better understanding of the incident," Lieutenant General McGuinness said.

"If you think you may be impacted by this breach, the best way you can protect yourself is to not respond to unsolicited contact."

Tasmania’s Department of Education is also investigating the incident.

"Investigations commenced immediately and are ongoing. At this stage, while DECYP has been identified as being impacted by the cyber security incident, the specific impact of the incident is subject to further investigation by Instructure," a Department spokesperson said in a statement.

The University of Technology Sydney and the University of Sydney are also working on a response.

"If a breach of personal data has occurred, we will notify affected individuals and work closely with the National Office of Cybersecurity to manage the impact of the incident," a USyd spokesperson said.

"The university is one of approximately 9,000 educational institutions worldwide that is potentially impacted."

Why education?

Kash Sharma, Managing Director, ANZ, at cyber security firm BlueVoyant, said that breaches such as Instructure’s show that “schools are becoming an increasingly attractive target for cybercriminals”.

“Earlier this year, more than 1,700 Victorian government schools were similarly affected, exposing sensitive student records just as families prepared for the new school year,” Sharma told Cyber Daily.

“These incidents underscore a growing reality: education systems are no longer defending only their own networks, but also the expanding ecosystem of external vendors, platforms, and service providers connected to them.”

The issue is the sheer scope of the attack surface in the education sector. Not only are third-party providers such as Instructure driving attacks, but so are cloud services more generally, the adoption of online learning tools, and growing amounts of personal data held on aging school networks.

“For education leaders, third-party risk can no longer be treated as a procurement or compliance exercise. Institutional resilience now depends on the security posture of every connected vendor,” Sharma said.

“Effective third-party risk management requires continuous oversight across the full vendor lifecycle – from due diligence and onboarding through to ongoing monitoring, auditing, and incident response. Schools and education departments must move beyond static assessments and establish continuous visibility into vendor activity, security controls, and emerging threats.

“Without this shift, the rapid digitisation of education will continue to outpace the sector’s ability to secure it.”

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

Tags: