Australian education institutions are scrambling to assess the impact of a global cyber breach involving the Canvas learning management system, with state schools, universities and TAFE providers in multiple states confirming they have been affected.
Canvas Breach Hits Australian Education Sector
The breach involves Canvas, a cloud based learning management system developed by American company Instructure, which is used by almost 9,000 institutions worldwide. Among Australian providers confirmed to have been affected are state schools in Queensland and Tasmania, universities in New South Wales and South Australia, and TAFE in Tasmania.
Instructure said over the weekend on its customer status page that it had recently experienced a cybersecurity incident carried out by a criminal threat actor. The company said it was working quickly to understand the extent of the incident and reduce its impact.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Company Says Incident Has Been Contained
Instructure chief information security officer Steve Proud later said the company believed it had contained the incident. He said the information involved appeared to consist of certain identifying information of users at affected institutions, including names, email addresses, student ID numbers and messages among users.
The company also said that, at this stage, it had found no evidence that passwords, dates of birth, government identifiers or financial information were involved. Australian national cyber security coordinator Michelle McGuinness said her team was coordinating efforts to understand what Australian data may have been affected and urged anyone who thought they may be impacted not to respond to unsolicited contact.
Wider Concerns Across Schools and Universities
The cybersecurity website BleepingComputer reported that the hacking group ShinyHunters had claimed responsibility for the breach. It is also understood that the compromised Canvas data has not been publicly released at this stage.
Queensland authorities said tens of thousands of students and teachers studying or working at state schools since 2020 were among those affected. Education minister John Paul Langbroek said early advice suggested that more than 200 million people worldwide across more than 9,000 schools, universities and other institutions could be affected. In Tasmania, the Department of Education confirmed it had been notified of the breach, while TasTAFE said some of its students had been compromised following the cyber attack.
As institutions continue investigating the consequences, education unions and officials have called for a thorough inquiry into how the breach occurred and how similar incidents can be prevented in future.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
