UPDATE March 15, 2017 11am
PARENTS with children at Kimberley College have also complained of fraudulent credit card charges after the Queensland School Photography company’s website was hacked.
A letter from QSP sent to schools and posted on the Kimberley College Facebook page stated that their online ordering system was compromised and was taken down for investigation and security measures checked.
The system is for ordering prior to the date the photographs are taken.
Student photographs at Kimberley College were taken several weeks ago.
A number of parents with students at Hilliard State School have also been affected by the hacking.
One parent, who asked to be named only as Jenny, said her credit card statement showed about 15 transactions through the same merchant with international fees attached to each one, adding to about $500.
“I rang the bank immediately not knowing what had caused it,” she said.
Jenny said she received an email from Queensland School Photography a few days later stating that they had come to realise their website had been compromised and suggested that customers checked their bank statements.
PREVIOUSLY
PARENTS of children at Hilliard State School in Alexandra Hills have complained of thousands of dollars being charged to bank cards after a school photography company’s website was hacked.
The school warned parents via a Facebook post on Sunday afternoon to check their online banking transactions.
It is understood that a number of other schools in Queensland have also been warned of the breach by Queensland School Photography.
Commenting on the Hilliard State School post, one woman said $1885 was removed from her account, a second had been charged $1200 for flights and a third said $385 had been taken out fraudulently via 12 Uber transactions.
One said she had been contacted by her bank and the transaction – for a $4500 purchase in Canada – was cancelled.
The post stated the photography company’s website had been compromised and suggested parents checked their online banking.
“...Many of our families have had fraudulent transactions occur on their cards,” the post stated. “If you are affected please contact your banking institution and not the school.”
Operations manager for Queensland School Photography Thurid Cock said her company had been communicating directly with customers and investigations indicated no photos had been breached.
“The incident appears limited to payment card information,” she said.
“Given the instance of credit card fraud, law enforcement has been notified.”
Ms Cock said the company confirmed the incident on March 9 through consultations with the payment processing bank and notified customers the same day.
Asked over what period of time the breach might have occurred, Ms Cock said they were continuing to investigate.
“We cannot comment on such matters until those investigations are complete.”
Asked whether other schools in the Redlands were affected, Ms Cock said they were communicating directly with their customers and the bank.
The company stated on its website that it did not store any credit information.
“This website uses GeoTrust Extended Validation SSL Certificate to create a secure connection between the website and your computer. In accordance with Payment Card Industry (PCI) Data Security Standards (DSS), requirements are followed for secure management of card data,” the website stated.
