Cyber Incident Victim: ACT Education Directorate
Date:
Aug 2020
Location:
Australia
Summary
ACT public school students received unsolicited emails containing explicit and disturbing content, including pornography and graphic images, due to a misconfigured email distribution list created during a security update. A student inadvertently triggered widespread dissemination by mistakenly emailing all Year 8 students, after which others exploited the list to share inappropriate material across multiple year groups, prompting temporary suspension of Google Classroom and email services. While no external breach occurred, the incident disrupted educational tools, necessitating phased restoration of access, and involved monitoring by federal authorities despite no formal investigation being opened.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the afternoon of August 14, 2020, ACT public school students began receiving unsolicited spam emails containing explicit and disturbing content through their Google Classroom accounts. The messages included requests for nudity, pornographic material, and graphic images such as deceased infants. Students from multiple schools received these communications, with email exchanges reviewed by media outlets showing confusion and distress among recipients. One student questioned, "What is going on?" at 12:11 PM, while others noted they didn't attend the same institutions, indicating widespread distribution across the territory's educational network. By approximately 1:00 PM, the ACT Education Directorate became aware of the incident but did not notify parents before the school day concluded. Access to student emails was subsequently disabled to contain the situation, though cached messages on devices like Chromebooks revealed a mix of inappropriate solicitations, prank encouragement, and peer attempts to stop the spam.
The incident originated from an unintended exposure during a security update to the ACT's Google education platform in April 2020, which created year-group email distribution lists. On August 14 at 10:00 AM, a student attempting to share work with classmates accidentally emailed all publicly educated Year 8 students in the ACT. This triggered a chain reaction where recipients exploited the distribution list's coding to spam other year groups. Authorities including the Australian Federal Police and eSafety Commissioner monitored the situation, though no external breach or data exfiltration occurred. ACT Education Minister Yvette Berry confirmed restoration timelines: Google Drive and Classroom access resumed by the following Monday, with full email functionality returning by week's end. The disruption left students without critical learning tools over the weekend, prompting official apologies and assurances of academic flexibility regarding affected assessments.