Hackers steal thousands after Queensland School Photography targeted online

Hackers have targeted a school photography company, with fraudsters making transactions around the world using the credit card details of Queensland parents.

Queensland School Photography began emailing students’ parents on Thursday to warn of the hack, but it was not clear how widespread the security breach is or how much was stolen.

Parents have reported their cards being used for flights, accommodation and ride-sharing in locations including Europe and the US.

The company said its bank was conducting a full investigation after customers paid for school photos on their website.

The matter has also been referred to police.

“Our investigations indicate that no photos have been breached — the incident appears limited to payment card information,” operations manager Thurid Cook said.

“It is hard to ascertain the exact number of those affected, as most customers have contacted us after we gave a general notice of the incident to all customers.”

Queensland School Photography’s online payment system is now running again, after being taken offline following the breach.

Neil Laycock, whose daughter attends Tamborine Mountain State School in the Gold Coast Hinterland, said the scammers had stolen about $3,000 from his bank account.

“It was early Saturday morning. All of the transactions were really early while we were sleeping,” he said.

Mr Laycock said he had contacted his bank and was expecting to get his money back in the next six weeks.

Several parents at Hilliard State School, based in Alexandra Hills west of Brisbane, also said the fraudsters had used their card details.

Kylie Brouwer said about $1,200 was spent on flights using her account.

“There’s been quite a few people from the school,” she said.

“It makes me question where else I’ve used my credit card and how secure it is.”

In a statement to school principals, Queensland School Photography said credit card details were not stored on the company website.

It said its payment system complied Australian requirements and complied with Payment Card Industry Data Security Standards (PCIDSS).

Queensland Police referred inquiries to the Australian Cybercrime Online Reporting Network, which did not respond to a request for comment.

This post originally appeared on ABC News.