A major cyberattack has exposed the personal information of Victorian government school students, leaving parents and schools scrambling for answers. This breach, confirmed on January 14, 2026, by the Department of Education, involved an external third party gaining access to sensitive student data. But what exactly was taken, and what does it mean for the students affected? Let's dive in.
The Department of Education sent an email to parents, alerting them to the 'cyber incident.' The email stated that a database containing both current and former student information had been compromised. While the exact number of affected students remains unknown, the breach accessed details such as student names, school-issued email addresses, school names, and year levels. Thankfully, other sensitive data like dates of birth, phone numbers, or home addresses were not obtained.
And this is the part most people miss... The breach is believed to have occurred through a school network, affecting both active and former student accounts. The department has identified the point of the breach and implemented safeguards, including temporarily disabling systems to prevent further data access. They are working with cyber experts, other government agencies, and schools to mitigate any disruption, especially as students prepare to return to school later in the month. The department has also stated there's no evidence the stolen data has been publicly released or shared.
Schools in Melbourne's north, west, and south-east, including both primary and high schools, have been affected. One school advised parents concerned about their child's location being known to contact the school, Victoria Police, or the Orange Door family violence support service.
Acting Deputy Secretary Stacey Gabriel informed school leaders about the breach, noting that the Compass platform (used for school-family communication) hadn't yet been updated with 2026 data. A reset of all student passwords has locked secondary students out of their accounts, but new passwords will be issued at the start of term 1, prioritizing VCE students. Gabriel also provided principals with template letters for primary, secondary, and prep to year 12 schools.
Opposition Leader Jess Wilson has called for more information, stating that families deserve immediate answers about the number of students affected, the sensitive information compromised, and how the incident occurred.
This situation raises some critical questions, doesn't it? Do you think the Department of Education's response has been sufficient? What further steps should be taken to protect student data in the future? Share your thoughts in the comments below – let's start a conversation!
