This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Nagle Catholic College

Summary

Nagle Catholic College in Geraldton, Western Australia, was hit by a cyberattack in June 2019 that specifically targeted parents' financial details stored in the school's systems. The breach compromised banking information, contact details, and personal data of families with children enrolled at the Catholic high school. The attack on a regional school highlighted the vulnerability of educational institutions' payment systems to cybercriminals seeking financial data.

What Happened

Hacking. Cybercriminals targeted Nagle Catholic College's IT systems with the specific intent of accessing parents' banking details used for school fee payments and other transactions. The attackers gained unauthorised access to databases containing bank account numbers, BSB codes, and associated personal information including parent names, addresses, email addresses, and phone numbers. Schools typically store this financial information to facilitate direct debit payments for tuition fees, excursions, uniforms, and other expenses. The targeted nature of the attack suggested the criminals were specifically seeking financial data rather than conducting opportunistic broad-spectrum attacks.

Impact on Individuals

  • Banking Details Stolen: Bank account numbers and BSB codes compromised, enabling potential unauthorised transactions
  • Financial Fraud Risk: Direct threat of money being withdrawn from compromised accounts
  • Family Information: Parent and student details linked to financial data exposed
  • School Community Trust: Parents' confidence in providing financial information to schools undermined
  • Regional Impact: Tight-knit Geraldton community particularly affected by breach of local institution

Parents faced the immediate concern that their bank accounts could be targeted for fraudulent withdrawals or transfers.

Response

Nagle Catholic College immediately notified all affected parents and advised them to contact their banks to secure their accounts and monitor for suspicious transactions. The school engaged cybersecurity experts to investigate the breach, remove the attackers' access, and strengthen its IT security. The college worked with local banks to alert them to potentially compromised accounts and prevent fraudulent activity. Nagle Catholic College reported the incident to Western Australian education authorities and the Office of the Australian Information Commissioner. The school reviewed its payment systems and implemented enhanced security measures for storing and processing financial information. The breach prompted discussions within Catholic Education Western Australia and the broader school sector about the security of school payment systems and whether schools should minimise the financial data they store by using third-party payment processors with stronger security capabilities. +++

Verification Source: View original statement