A cyberattack on the Australian technology group PNORS compromised the data of several Victorian schools. The Australian-owned IT solutions enterprise has over 1000 clients and serves five state government departments, including the department of education and training. As per reports, sensitive student data was stolen in the ransomware attack.
What did the company say?
PNORS technology group announced on Saturday that two of its businesses, namely Datatime and Netway, suffered a cyberattack on Thursday, November 3. Datatime and Netway handle several documents, digital conversions, and IT support for its clients. The company has taken the necessary steps, such as activating an incident response, engaging cybersecurity specialists to investigate the incident, and notifying the affected clients following the attack.
Impacted schools have also notified families about the incident. Kilvington grammar school emailed its student families about the data breach that included some personal information. However, the school also stated that its primary database was not breached in a statement to its families.
The data breach
The breached school records included details of the former, current, and waiting list students, including dates of birth, addresses, email IDs, medicare number, and other health information. Additional sensitive personal information that was stolen also included the school entrance health questionnaire filled out by all the families who get their child admitted to either Victorian primary school, government, catholic, or independent schools. The details in the questionnaire also included behavioral and developmental issues, demographics, and drug problems.
The company’s chief executive officer Paul Gallo said, “Overnight the criminals behind the cyberattack released to the company in a private communication a sample of what is believed to be stolen data,” according to a report by the Age. Hackers got in touch with PNORS on Saturday with samples of the stolen data.
The Victorian government is working with the PNORS to understand the full impact of the data breach. At the same time, the government’s cyber incident response service is also expected to facilitate the investigations.
Australian companies have suffered a series of cyberattacks this year, including the cyberattack on the telco Optus, Medibank data breach, and Australasian real estate company Harcourts which was hit by a cyberattack in October. Kilvington grammar school based in Ormond also suffered a ransomware attack in October. A notice was posted on the LockBit website claiming the data breach after posting some of Kilvington’s data.