January 14, 2026 — 7:39pm
Save
You have reached your maximum number of saved items.
Remove items from your saved list to add more.
Save this article for later
Add articles to your saved list and come back to them anytime.
Got it
AAA
Hackers have stolen the names and email addresses of an unknown number of Victorian government school students in a major cybersecurity breach.
The Department of Education confirmed on Wednesday evening that an external third party had accessed the sensitive data.
A third party has accessed Victorian school student data. Getty
However, it would not confirm when the hack took place or how many students were affected.
The email sent to parents, and seen by The Age, was titled “Message from the Department of Education – Cyber Incident”.
“I am writing to inform you of a cyber incident that has impacted some student data across all Victorian government schools,” it reads.
“A Department of Education database with current and past student information was accessed by an external third-party.”
It is believed the information was accessed through a school network, with both active and former students’ accounts accessed. Details stolen included student names, school-issued email addresses, school names and students’ year levels, but no other personal data such as dates of birth, phone numbers or home addresses was obtained.
A department spokesperson said it has identified the point of the breach and put safeguards in place, “Including the temporary disabling of systems to ensure no further data is able to be accessed.”
The department says it is now working with cyber experts, other government agencies and communicating with schools to ensure it does not disrupt students when they start school later this month.
“There is no evidence to suggest that the data accessed has been released publicly or shared with other third parties,” the spokesperson confirmed.
The Age is aware of schools in Melbourne’s north, west and south-east that have been impacted, including primary and high schools.
In a letter to parents, one school advised anyone concerned about their child’s school location being known to contact the school, Victoria Police or family violence support service Orange Door.
The department’s acting deputy secretary Stacey Gabriel wrote to school leaders on Wednesday afternoon regarding the breach.
In the email, seen by The Age, Gabriel said Compass, the platform schools use to communicate with families, is yet to be updated with 2026 data, including that of prep students due to start school in a fortnight.
She said a reset of all student passwords meant secondary students would be locked out of their accounts, but that new passwords will be issued at the start of term 1, with VCE students to be prioritised.
Gabriel also provided principals with three proforma letters; one each for primary, secondary and prep to year 12 schools.
Opposition Leader Jess Wilson said parents deserve further information on the breach.
“This is a deeply concerning incident and families need immediate answers,” she said on Wednesday evening.
“Jacinta Allan must confirm how many students have been exposed, what sensitive information has been compromised and how this incident occurred.”
Be the first to know when major news happens. Sign up for breaking news alerts on email or turn on notifications in the app.
Save
You have reached your maximum number of saved items.
Remove items from your saved list to add more.
Bridie Smith is an education reporter at The Age. A former desk editor, she has also reported on science and consumer affairs.Connect via Twitter, Facebook or email.From our partners