This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Scotch College

Summary

Scotch College Melbourne, one of Australia's prestigious independent boys' schools, suffered a cyber attack over the weekend of 9-10 August 2025 when an unknown third party gained unauthorised access to the school's IT systems. The breach potentially exposed sensitive data belonging to current families and alumni, prompting the school to shut down all servers and disable user accounts as a precautionary measure.

What Happened

Over the weekend of 9-10 August 2025, an unknown third party gained unauthorised access to Scotch College's IT systems. The breach was detected and the school immediately shut down all servers and disabled all user accounts to prevent further unauthorised access. On 12 August 2025, Principal Dr Scott Marsh informed the school community, including current families and Old Scotch Collegians, about the cyber attack through written notification.

Impact on Individuals

The breach potentially affects current students, families, and alumni of Scotch College, which maintains extensive databases of personal information spanning generations. The school's alumni network includes prominent leaders in politics, business, science, sport, and the arts. At the time of disclosure, it was unclear whether any identifiable information had been accessed, though the school committed to contacting affected individuals directly if the investigation revealed that sensitive information had been compromised.

Organisational Response

Scotch College immediately shut down all servers and disabled user accounts upon detecting the breach. Principal Dr Scott Marsh promptly notified the school community on 12 August 2025. The school engaged the Australian Cyber Security Centre to conduct a comprehensive investigation into the breach to determine the scope and nature of any compromised data. The school committed to directly contacting affected individuals if the investigation revealed that sensitive information had been accessed or stolen.

Verification Source: View original statement