Parents’ Credit Card Info Stolen in Australian High School Hack

About 400 parents of students attending Mount Lilydale Mercy College, a Catholic high school near Melbourne, Australia, were recently informed of a cyberattack that exposed their credit card details.

According to a local news outlet, the Australian Federal Police (AFP) notified school officials of unauthorized access to their network on Jan. 11.

The investigation revealed that the parents, including those of former students, had their credit information (excluding CVV numbers) stolen in the hack.

The data breach letter sent to impacted individuals offers no additional information on how the attackers gained access to Lilydale’s databases.

“Our cyber consultants, together with members of our College Leadership team, have been working together to learn how the breach occurred, ascertain precisely who is impacted, and specifically what information in relation to each person, has been accessed,” Principal Philip Morison explained in the letter.

“Unfortunately, it was recently confirmed that the credit card information, but importantly excluding CCV numbers, of around 400 parents appears to have been illegally accessed,” Morison added. “Those impacted individuals have already been notified in order for them take personal mitigative action with their financial institutions, such as cancelling cards.”

The school also said that it is in the process of reporting the incident to the Australian Information Commissioner and other legal and law enforcement offices.

Parents, on the other hand, should cancel compromised credit cards and closely monitor their financial accounts for suspicious activity, it said. To prevent identity theft and other financial crimes, data breach victims can take more proactive measures, and:

• Ensure that online accounts are protected with strong passwords by using a password manager
• Enable two-factor authentication on sensitive and financial accounts
• Monitor their online identity by opting for a dedicated digital identity protection service that scours the web for privacy threats, data breaches and leaks
• Install a security solution to protect against malicious attacks, phishing and ransomware attacks