🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇦🇺 AU › Government
Advertising
Your brand, in front of the right people
Run-of-site leaderboard — every ad-supported page across the register.
Enquire → breach@govern.co.nz

Queensland Department of Education

🇦🇺 Queensland · Queensland Department of Education (via Instructure Canvas / QLearn) · Record AU-2026-0052
○ Reported — awaiting official confirmation
Reported — awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
Not disclosed
Breach date
2026-05
Regulator
none
Trust tier
B · Reported

Data exposed

Names, email addresses, school locations, student ID numbers and user messages; the Education Minister said there was no evidence passwords, dates of birth or financial information were accessed Media-reported

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In May 2026 the Queensland Department of Education confirmed that students and staff had been affected by a data breach involving its third-party learning-management platform, Instructure Canvas (branded locally as “QLearn”) [qde-cyberdaily]. The Education Minister said the exposed information included names, email addresses, school locations, student ID numbers and user messages, and that there was no evidence that passwords, dates of birth or financial information had been accessed [qde-cyberdaily], [qde-indaily]. The incident was reported as part of a wider campaign attributed to the group known as ShinyHunters — an attribution that comes from the attackers’ own claims and media reporting [qde-cyberdaily].

Timeline

  • 2026-05 — The breach of the Instructure Canvas platform was reported and attributed by media to ShinyHunters [qde-cyberdaily].
  • 2026-05-07 — The Queensland Education Minister issued a public statement confirming the impact on students and staff [qde-indaily].

Current status

Disclosed. Schools were notifying affected families. No confirmed count of affected Queensland individuals has been published — figures cited for the underlying Canvas platform refer to its global user base, not to Queensland, so no figure is asserted here [qde-cyberdaily], [qde-indaily].

Why it matters

A state education department holds data on hundreds of thousands of children, and a breach reached through a shared learning platform shows how a single third-party system can expose an entire school sector at once.

GGOVERN Tabletop Exercises · Govern house Brief the minister with a decision you’ve already rehearsed. Book a Discovery Call →