Hundreds of parents at Mount Lilydale Mercy College have been caught up in a data breach after hackers accessed credit card information in early January.
Around 400 parents had their personal information taken, with the school contacting those by way of a letter to inform them of the breach.
“Those impacted individuals have already been notified in order for them to take personal mitigative action with their financial institutions, such as cancelling cards,” Principal Philip Morison said.
“Since becoming aware of the suspected data breach on 11 January 2023, we have engaged specialist cyber incident response experts, including cybersecurity analysts and forensic IT investigators, to guide our actions without delay.”
Mr Morison said the school was taking the necessary steps to protect college families’ information into the future and apologised for the harm caused.
“The protection of data and personal information is of paramount importance to us at Mount Lilydale Mercy College and, on behalf of the College, I wholeheartedly apologise that this has happened,” he said.
Working alongside cyber experts, Mr Morison said investigations into the breach would be ongoing.
The Office of the Australian Information Commissioner, Australian Cyber Security Centre, the Australian Federal Police and the Australian Taxation Office have all been informed of the data breach.
Hacking incidents can come about from simply clicking on a link in a phishing email, opening systems of information.
“We are confident our IT environment has now been safeguarded and the perpetrators locked out,” Mr Morison said.
“We will take learnings from the ongoing investigation and if there are ways to tighten our cyber security practices, we won’t hesitate to make changes.”