Australian National University breach compromises student records
News / Australian National University breach compromises student records dating back 19 years
4 June 2019
Australian National University announced earlier today that it was recently at the receiving end of a massive data breach that compromised personal data belonging to staff, visitors, and students dating back 19 years.
The university said that the breach occurred when hackers gained access to internal systems that stored vast amounts of personal data belonging to staff, visitors, and students. Compromised data included names, addresses, phone numbers, dates of birth, emergency contact details, tax file numbers, payroll information, bank account details, student academic records, and student academic transcripts.
Fortunately, internal systems that stored other details such as credit cards, travel arrangements, police history checks, workers’ compensation, some performance development records or medical records were not targeted by hackers and hence have not been compromised.
The university is working with Australian government security agencies and industry security partners to determine the extent of the data breach but has not been able to attribute the attack to specific actors yet.
Second cyber attack on Australian National University in two years
“We detected the data breach on 17 May, 2019. Before these incidents are made public, it’s important that we are able to implement increased security measures to prevent any secondary or opportunistic attacks,” the university said, adding that the data breach did not impact any research or intellectual property data.
“As you know, this is not the first time we have been targeted. Following the incident reported last year, we undertook a range of upgrades to our systems to better protect our data. Had it not been for those upgrades, we would not have detected this incident. We must always remain vigilant, alert and continue to improve and invest in our IT security,” said Brian Schmidt, the Vice-Chancellor of Australian National University.
“I assure you we are taking this incident extremely seriously and we are doing all we can to improve the digital safety of our community. We are all affected by this and it is important we look after one another as our community comes to terms with the impact of this breach,” he added.
According to Suthagar Seevaratnam, Chief Information Security Officer of Australian National University, information obtained by hackers from the university’s internal systems could be leveraged by them to carry out further attacks on Australian citizens and therefore, staff and students at the university need to be vigilant against future attacks.
The CISO has advised students to immediately change their ANU account passwords and to use two factor authentication for all online services they are presently using. He also advised students to look out for phishing emails from hackers masquerading as university officials, to avoid using public Wi-Fi unless they use a Virtual Private Network (VPN) service, and to not accept USB devices from promotions or untrusted sources.
In July last year, ABC News reported that suspected Chinese hackers had managed to gain access to internal systems of Australian National University but even though the university admitted that it was breached, it said that no staff, student or research information were compromised following the breach.