Hundreds of parents of students at a catholic high school north east of Melbourne have had their credit card information stolen over the school holidays.
In a letter sent out on January 30, parents of Mount Lilydale Mercy College were made aware of the breach ,which impacted 400 people.
WATCH THE VIDEO ABOVE: Hackers target Melbourne school
Watch the latest news and stream for free on 7plus >>
According to principal Philip A Morison, the college was made aware of the cyber attack by “third-party hackers” on January 11 by the Australian Federal Police (AFP).
An AFP spokesperson said it notified the college after receiving “information which indicated potential suspicious activity had originated from their network”.
The breach also impacted former parents whose credit card numbers the college still had on file.
Information regarding CCV numbers was not taken.
“After becoming aware of the suspected data breach … we engaged specialist cyber incident response experts, including cybersecurity analysts and forensic IT investigators, to guide our actions,” Morison said.
“Whilst these investigations are underway and only minimal information is currently available, we are able to confirm, at the least, that certain personal information of some community members is likely to have been illegitimately accessed in the breach.”
According to the letter, the 400 parents who have been impacted had already received a letter regarding the breach on Friday.
One parent told 7NEWS that he was comfortable with the way the school had handled the breach.
“It’s a little bit worrying but I’m sure that they’ve got it all under control,” he said.
Another parent said he would have liked to have been told about the breach when it happened instead of three weeks later.
“I would have liked to have known immediately,” he said.
Morison said the school will continue to work with IT experts to pinpoint exactly what information has been stolen from each person.
“I wholeheartedly apologise this has happened,” he said.
“Rest assured, we have the best cyber experts working with us on this matter and we are doing everything possible to handle this situation according to best practice for cyber incidents of this nature.”
At this stage the AFP will not be investigating the data breach.
If you’d like to view this content, please adjust your .