Belmont Christian College

Summary

Belmont Christian College, a New South Wales Christian school, suffered a ransomware attack by the Qilin group discovered on 7 August 2025. The attackers claimed to have exfiltrated student and employee data including personal information, immunisation records, incident reports, payment histories, and detailed staff information such as Working with Children IDs.

What Happened

On 7 August 2025, Belmont Christian College discovered unauthorised access to a limited part of its systems. The Qilin ransomware-as-a-service operation claimed responsibility for the attack and alleged they had stolen student and employee data. The leaked data reportedly includes personal information of students and staff, immunisation records, incident reports, payment histories, and detailed staff information including Working with Children IDs. Qilin, named after a mythical Chinese creature but believed to operate from the Confederation of Independent States based on Russian-language forum activity, runs a ransomware-as-a-service platform.

Impact on Individuals

The breach exposed sensitive information of students and staff at the NSW Christian school. Compromised data included personal details, medical records (immunisation information), incident reports, financial information (payment histories), and staff credentials including Working with Children IDs. The exposure of Working with Children checks raises particular concern given the sensitive nature of child protection credentials.

Organisational Response

Belmont Christian College immediately commenced an urgent investigation upon becoming aware of the unauthorised third party claiming to have accessed data from a limited part of their systems. The school engaged leading cyber security specialists to investigate the incident and determine the scope and nature of the compromised information.