Greek Orthodox school All Saints Grammar in Sydney has reassured parents and caregivers there is “no evidence” student, parent or staff data was compromised following a global cyber incident involving the Canvas learning management platform.
The school issued a detailed statement to families after widespread reports linked hundreds of educational institutions worldwide to a cyberattack allegedly carried out by hacking group ShinyHunters.
Canvas parent company Instructure had previously confirmed that personal information, including names, email addresses, student IDs and some inbox messages, may have been accessed during the incident, which prompted investigations across Australia and overseas.
In its communication to families, All Saints Grammar stressed that according to official advice received directly from Canvas, the incident involved “an unauthorised actor making temporary changes to certain pages visible to some users while logged into the platform.”
The school said Canvas acted immediately to contain the issue by temporarily placing the platform into maintenance mode while investigations were undertaken.
Importantly, the statement highlighted assurances from Canvas that investigators had “found no evidence that the unauthorised actor established persistence, obtained credentials for accounts within [All Saints Grammar], or exfiltrated any additional data.”
“There is no indication that any All Saints Grammar accounts, passwords or personal information were accessed or compromised,” the school stated.
All Saints Grammar also explained that it uses Single Sign-On (SSO) authentication for Canvas access, meaning login credentials are managed securely through the school’s own authentication systems rather than stored directly within the Canvas platform itself.
The school said this provided “an additional layer of protection for our community regardless of this incident.”
Head of School Mrs Elfa Lillis told families the protection of student, parent and staff information “remains a priority,” adding the school would continue monitoring communications from Canvas and respond promptly should any further verified information arise.
“We appreciate your understanding and ongoing trust,” Mrs Lillis wrote.
The school also reminded families about the importance of maintaining good online security practices, including using strong passwords and remaining cautious of suspicious emails or messages requesting login details.
The reassurance comes amid heightened concern across Australia’s education sector after a list published online by hackers allegedly named 177 Australian schools, universities and educational organisations connected to the incident.
