The principal of a Catholic school in West Australia’s Mid-West has cautioned parents that their bank info and their signatures may have been compromised after their school was targeted in a recent cyber-attack.
Rob Crothers, the principal, expressed his deep regrets for the data breach, which he said was highly sophisticated and well planned out. He said there were other schools that had been targeted in the widespread cyber attack that began on June 11th.
Several parents who did not want to be identified said they had cancelled their credit card and ordered another because they were afraid the information may have been stolen. One of the parents, said the breach was a total shock for them but they were somehow appeased with the school’s response.
Allegedly, the cyber-attack started after someone mistakenly opened a link in an email sent to the college, which is in Geraldton about 400 kilometers north of Perth. The email most likely contained malware or an injected phishing sort of attack took place.
Parents who may have provided information relating to accounts from which to take fee payments or to make payments to the school could have been compromised if they were sent by email format.
Certainly, anyone who has sent information to the college by email, particularly of a financial nature, would be susceptible to the attack having taken place. The data breach was reported to the Catholic Education WA (CEWA), the governing institution for Catholic schools in the state. Crothers said the organization had hired a private security firm and the college was committed to improving cyber security.
CEWA immediately issued a statement saying it had been advised of incidents where employees may have been targeted in an attempted cyber-attack. They were not aware of any further cyber security incidents in other schools or offices that have resulted in confidential information being compromised.
It is now working with cyber security experts to mitigate and address the data leak.
Catholic Education Western Australia said they got several reports of incidents where several individuals may have been targeted in an attempted cyber-attack. CEWA has systems and measures in place to monitor and respond to cyber security incidents and continues to work closely with cyber security experts to address any potential breach.
In instances where a potential breach may have taken place, CEWA follows a stringent reporting process including notification to those who may have been affected. Advising them to treat every email as suspicious, monitor accounts closely for strange transactions and contact their banks for advice on money protection.