The Australian National University has been the victim of a significant data breach, compromising personal details of its staff and students dating back 19 years.
The breach occurred late-2018 and was detected two weeks ago. Officials say a ‘sophisticated operator’ is behind the breach and has had unauthorised access to a range of information belonging to the ANU community.
Depending on the information staff and student have provided to the University, details including names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details may have been copied.
Student academic records were also accessed but so far there has been no evidence that any information has been altered; only copied. They believe that research work has also not been affected.
The systems that store credit card details, travel information, medical records, police checks, workers’ compensation, vehicle registration numbers, and some performance records have not been affected.
In a statement, ANU Vice-Chancellor Brian Schmidt revealed that in the past two weeks, ANU has worked to strengthen their systems against secondary attacks and that they are working closely with Australian government security agencies and industry security partners to investigate further.
“As you know, this is not the first time we have been targeted,” the statement reads. “Following the incident reported last year, we undertook a range of upgrades to our systems to better protect our data. Had it not been for those upgrades, we would not have detected this incident.
“We must always remain vigilant, alert and continue to improve and invest in our IT security.”
“I assure you we are taking this incident extremely seriously and we are doing all we can to improve the digital safety of our community,” Professor Schmidt stated.
Authorities say that information in ANU email accounts has not been accessed. The ANU alumni network has also been informed about the breach.
ANU’s Chief Information Security Officer, Suthagar Seevaratnam, has advised the ANU community to remain vigilant and to regularly update their passwords and exercise caution when opening emails, especially ones from unknown sources. Read the full list of recommendations here.
A direct help line has been established for anyone seeking more information or with particular personal concerns on 1800 275 268. You can also email firstname.lastname@example.org. Counselling resources have also been increased for affected members. Visit the ANU website for more details.