A major QLearn cybersecurity incident has affected thousands of educational institutions globally, including Queensland state schools and universities, after a cyber breach involving third-party education technology provider Instructure exposed personal information linked to students and staff. Queensland Education Minister John-Paul Langbroek confirmed the incident in an official statement, saying the Queensland Department of Education was briefed about the international cybersecurity breach involving Instructure, the provider behind the Department’s online learning platform, QLearn. According to early assessments, the breach may affect more than 200 million people and over 9,000 institutions worldwide, making it one of the largest education-sector cybersecurity incidents disclosed this year.

QLearn Cybersecurity Incident Impacts Queensland Schools

The Department of Education said students and staff who have worked or studied at Education Queensland schools since 2020 may have been affected by the QLearn cybersecurity incident. Authorities stated that compromised information currently appears limited to names, email addresses, and school locations. Officials added there is currently no evidence that passwords, dates of birth, or financial information were accessed during the breach. The online learning platform QLearn was introduced in Queensland schools in 2020 under the previous government and has since become a widely used digital education system across the state. Minister Langbroek said school principals have already begun contacting affected families and teachers to notify them about the breach and provide further guidance. “This morning I have been briefed by the Department of Education about an international cybersecurity breach involving a third-party provider, Instructure, which delivers the Department’s online learning platform, QLearn,” Langbroek said in the statement.

Instructure Data Breach Raises Concerns Across Education Sector

The QLearn cybersecurity incident has once again highlighted the growing cybersecurity risks facing the global education sector, particularly as schools and universities continue relying heavily on third-party digital learning platforms. Because the breach involves Instructure, a provider serving institutions across multiple countries, the incident extends far beyond Queensland. Authorities indicated that educational institutions across Australia and overseas are also impacted. While officials stressed that no sensitive financial or authentication data has been identified as compromised so far, cybersecurity experts often warn that exposed personal information such as names and email addresses can still be valuable to cybercriminals. Threat actors frequently use this type of information in phishing campaigns, identity-based scams, and social engineering attacks targeting students, parents, and school employees. The Department of Education has not publicly disclosed how the cybersecurity breach occurred or whether any ransomware or unauthorized network access was involved. Investigations into the incident are ongoing.

Queensland Department Prioritizes Support for Vulnerable Families

In response to the QLearn cybersecurity incident, the Queensland Department of Education said it is prioritizing support for vulnerable individuals and families potentially affected by the breach. According to the Minister’s statement, the Department is providing priority assistance to families and teachers with known family and domestic violence concerns, as well as individuals connected to Child Safety services. The additional support measures appear aimed at reducing potential risks associated with the exposure of school-related location information and contact details. Government agencies increasingly recognize that cybersecurity incidents affecting education systems can carry broader safety implications, especially for vulnerable groups whose personal or location-related information may require additional protection.

Global Education Sector Continues Facing Cybersecurity Threats

The QLearn cybersecurity incident adds to a growing list of cyberattacks and data breaches targeting educational institutions worldwide. Schools, universities, and online learning providers have become frequent targets due to the large amount of personal information they manage and the widespread use of interconnected digital platforms. Education systems often rely on multiple third-party vendors for online learning, communications, and student management services, increasing the potential attack surface for cybercriminals. The Queensland Department of Education said it will continue updating the public as more information becomes available from the ongoing investigation into the breach. At this stage, authorities have not advised affected individuals to reset passwords or take additional security measures, though officials are continuing to assess the full scope and impact of the incident. The investigation into the Instructure-related breach remains active as educational institutions worldwide work to determine the extent of the exposure and any potential long-term cybersecurity implications.

Learn why language schools should prioritize cybersecurity and how passwordless authentication improves security and protects student data.

The post Why Language Schools Should Prioritize Cybersecurity: A Passwordless Approach appeared first on Security Boulevard.

It all sounds pretty dystopian:

Inside a white stucco building in Southern California, video cameras compare faces of passersby against a facial recognition database. Behavioral analysis AI reviews the footage for signs of violent behavior. Behind a bathroom door, a smoke detector-shaped device captures audio, listening for sounds of distress. Outside, drones stand ready to be deployed and provide intel from above, and license plate readers from $8.5 billion surveillance behemoth Flock Safety ensure the cars entering and exiting the parking lot aren’t driven by criminals.

This isn’t a high-security government facility. It’s Beverly Hills High School.

Hackers are more likely to target educational institutions than private businesses, government survey shows

When hackers attacked UK nurseries last month and published children’s data online, they were accused of hitting a new low.

But the broader education sector is well used to being a target.

Continue reading...

© Photograph: MBI/Alamy

© Photograph: MBI/Alamy

© Photograph: MBI/Alamy

2024 continued the trend of ransomware attacks in the education sector making headlines. The year opened with Freehold Township School District in New Jersey canceling classes due to a ransomware attack. Students at New Mexico Highlands University missed classes for several days while employees experienced disruption of their paychecks after a ransomware attack. The attack on the Alabama Department of Education served as a reminder that all school systems are vulnerable.

Ransomware attacks in education decreasing

The year closes with some positive news about ransomware in the education sector. Sophos State of Ransomware in Education 2024 found that ransomware attacks on educational institutions decreased in 2024. Attacks on higher-education institutions dropped from 79% reporting attacks in 2023 to 66% in 2024. Lower education saw a similar decrease, from 80% in 2023 to 63% in 2024. However, the attack rates for both are still higher than the global cross-sector average of 59%.

Ransomware affects education quality

Not surprisingly, a recent study also found that students are impacted by ransomware attacks on the education sector. A study from Action1 found that the majority (64%) of education IT workers report that ransomware impacts education quality. Researchers found the reasons for the attacks are multifold, including that 44% devote only 10% of their IT budget to cybersecurity and the majority of schools (78%) do not employ cybersecurity specialists.

In an NPR article, Noelle Ellerson Ng with the School Superintendents Association said that the reason for targeting the education sector is that schools are often low-hanging fruit. Additionally, she points to the fact that school systems, which collect a lot of valuable data from both students and employees, often are the largest employers in a community.

“That makes it very, very ripe,” says Ng. “And then you layer on the fact that [the data] is so sensitive and so longitudinal and so personal, and there’s a huge vulnerability.”

Read the Cost of a Data Breach Report

Reducing cyber risks in the education sector

Even with the decline, schools should continue to focus on reducing their vulnerabilities.

Here are some ways schools can reduce ransomware risk:

• Install antivirus and anti-malware software on all devices. Be sure to also include tablets and phones. Make sure that updates and patches are installed on a timely basis.
• Provide training to all employees and students. Teach good cybersecurity practices, including choosing strong passwords and how to avoid being a victim of phishing. Continually send reminders on not clicking on unknown links or downloading suspicious files.
• Install filtering software. By filtering out potentially malicious links and files, you can reduce the chance of students or employees falling victim to a phishing scheme.
• Use multi-factor authentication (MFA). Because ransomware attacks can start with unauthorized access, educational organizations should take extra steps to ensure that every user who logs in is who they claim to be. With MFA, users must use email, text or token in addition to a password, adding an extra layer of security.

Recovery costs have increased

While the decrease in attacks was positive, Sophos’ report found a troubling trend — the recovery costs have more than doubled for ransomware attacks in education. Lower-education organizations reported a mean cost of $3.76 million to recover from a ransomware attack in 2024, compared to $1.59 million. Researchers found the increase even higher in higher education, more than four times higher from 2023 to 2024 ($1.06 million to $4.02 million).

Here are ways to reduce recovery costs:

• Back up your data. In addition to backing up data in real-time, educational institutions should take precautions to secure the backups, such as by using air-gapped backups as well as immutable backups that cannot be erased. Sophos found that costs for lower-education institutions whose backups were compromised were five times higher ($3 million versus $562,500) than those who had a backup to revert to.
• Segment the network. When a ransomware attack happens on a segmented network, cyber criminals can encrypt only the portion of the network that they accessed. By reducing the amount of data breached and the systems impacted, schools can significantly reduce recovery time and costs.
• Create an incident response plan. Often, the recovery is extended due to schools not containing the ransomware quickly enough. Additionally, business disruption also adds to the recovery time. With an incident response plan, employees know exactly what to do when a ransomware attack occurs by including the four fundamentals of a response plan — planning, detection, recovery and post-incident actions.

Propensity for paying ransom has increased

Recovery costs are also increasing due to the changes in the ransom payment patterns and amounts. When an educational organization pays the ransom to gain access to their data, that exponentially increases the recovery costs.

The Sophos Report found that the decision to pay the ransom has increased in both higher and lower education. In 2023, 56% of educational organizations attacked by ransomware paid the ransom, compared with 67% in 2024. The number of higher-education institutions paying the ransom also increased from 47% to 62%.

Additionally, the amount of the ransom has increased, which also adds to the rising recovery costs. The average ransom in lower education was $3.9 million, with 44% of demands of more than $5 million. Higher education demands also increased to $4.4 million. Ransoms in critical infrastructure sectors, such as education, tend to be higher due to the urgency of restoring operations as well as the sensitive nature of the data. Additionally, cyber criminals increasingly use double extortion, demanding a ransom to unencrypt the data and then a second ransom to not make the data public, which increases recovery costs.

The future of ransomware attacks in education

While the decrease in attacks is positive, educational organizations must pay attention to the rising recovery costs. Because every dollar spent in education towards recovering from an attack means money is not available for learning, the costs of ransomware recovery are even more impactful than other sectors. By proactively taking steps to both reduce risks and reduce recovery costs, educational organizations can keep their focus on what matters most — educating students.

The post Reducing ransomware recovery costs in education appeared first on Security Intelligence.