I write to inform you that on or about 4 January 2019, my email account was compromised resulting in a data breach.
As soon as I became aware of the breach, the School engaged the services of Vintek, a third-party IT specialist, to contain the breach, investigate the matter and implement remedial action. I can advise that the breach was contained on 7 January 2019.
Following a thorough investigation, Vintek advised that sufficient information was found to confirm unauthorised access to my email account.
Vintek also advised that my School electronic mailbox was at risk of compromise. Vintek has confirmed that there is no evidence that my mailbox was downloaded. However, they have taken a precautionary approach by advising the School that information contained in my mailbox was at risk of being accessed. The information stored in my mailbox included personal information of job applicants, business and financial reports/planning regarding the School, pick up locations for students (including names), communications with families in regard to staff concerns and family matters, communications with other schools, details of mandatory notifications, child custody issues, details regarding the location of past excursions and staff discipline matters.
This malicious activity was found to have originated from South Africa and Western Australia.
Horizon Christian School has taken a range of remedial actions to prevent further access to its information.
I wish to reassure you that the safety and wellbeing of our students is paramount and that I take the privacy of all staff, students and members of our community extremely seriously. Accordingly, the School has reset passwords to prevent further access to the Principal’s account, implemented different tiers of password rules across the School, training to all staff to enable them to identify and prevent data breaches, and increased audit logging on all mailboxes.
I sincerely apologise for this breach and understand the concern that it may cause you. The possible disclosure of your personal information was not intended to give rise to a breach of your privacy.
The School has notified the Office of the Australian Information Commissioner.
Please do not hesitate to contact me directly if you have any questions or concerns. You are also welcome to contact the Office of the Australian Information Commissioner on 1300 363 992.