The security breach of the cloud-based Canvas learning management system, operated by US company Instructure, initially occurred on May 2, globally impacting thousands of schools, universities and businesses.
On Friday, the system went offline for many universities, with some students, including those at University of Sydney, reporting they had received a ransom message posted through the platform.
''ShinyHunters has breached Instructure (again),'' the message, seen by AAP, read.
''Instead of contacting us to resolve it they ignored us and did some 'security patches','' it said.
The University of Sydney said Canvas had been experiencing a global outage since 6am on Friday after Instructure placed it into "maintenance mode".
"We are one of approximately 9000 institutions around the world that are impacted by this outage, and we are still awaiting clear advice from Instructure," it said in a statement on Friday afternoon.
It acknowledged disruptions to students and staff and advised them not to attempt to log in to the service pending further updates.
The University of Melbourne has also been impacted by the outage and has extended its deadlines over the weekend.
It is not known whether any personal information has been leaked in the cyber hack, with the system widely used to deliver and manage learning for students and staff.
South Australia's Flinders University, RMIT in Melbourne, Tasmania's Technical and Further Education Institute, and University of Technology Sydney have all been affected.
On Thursday, Queensland education minister John-Paul Langbroek said he had been briefed on a breach involving Instructure, which delivers the education department's QLearn program.
"Advice at this stage is names, email addresses and school locations have been compromised in the international data breach," he said.
"No evidence of passwords, dates of birth or financial information being accessed in the data breach."
Instructure confirmed the incident in a post to its status website over the weekend.
"Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor," Steve Proud, chief information security officer, wrote.
"We are actively investigating this incident with the help of outside forensics experts."
The following day, he wrote the incident appeared to have been contained and later added further updates would be shared directly with customers.
National Cybersecurity Co-ordinator Michelle McGuinness confirmed the incident in a post to LinkedIn on Friday.
"My team is working closely with state and territory governments and education peak bodies to collectively address the impacts arising from this incident," Ms McGuinness said.
She added there was no sign personal identification documents or financial information had been impacted but that the full impact was not yet clear.
"Anyone impacted by a cyber incident should maintain a heightened awareness of potential scam activity," she said.
13°C