5 June 2019

ANU staff and students on high alert after data breach by 'sophisticated operator'

| Ruwendi Wakwella
Join the conversation
4

The ANU has been struck by a significant data breach. Photo of Chifley library: Supplied.

The Australian National University has been the victim of a significant data breach, compromising personal details of its staff and students dating back 19 years.

The breach occurred late-2018 and was detected two weeks ago. Officials say a ‘sophisticated operator’ is behind the breach and has had unauthorised access to a range of information belonging to the ANU community.

Depending on the information staff and student have provided to the University, details including names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details may have been copied.

Student academic records were also accessed but so far there has been no evidence that any information has been altered; only copied. They believe that research work has also not been affected.

The systems that store credit card details, travel information, medical records, police checks, workers’ compensation, vehicle registration numbers, and some performance records have not been affected.

In a statement, ANU Vice-Chancellor Brian Schmidt revealed that in the past two weeks, ANU has worked to strengthen their systems against secondary attacks and that they are working closely with Australian government security agencies and industry security partners to investigate further.

“As you know, this is not the first time we have been targeted,” the statement reads. “Following the incident reported last year, we undertook a range of upgrades to our systems to better protect our data. Had it not been for those upgrades, we would not have detected this incident.

“We must always remain vigilant, alert and continue to improve and invest in our IT security.”

“I assure you we are taking this incident extremely seriously and we are doing all we can to improve the digital safety of our community,” Professor Schmidt stated.

Authorities say that information in ANU email accounts has not been accessed. The ANU alumni network has also been informed about the breach.

ANU’s Chief Information Security Officer, Suthagar Seevaratnam, has advised the ANU community to remain vigilant and to regularly update their passwords and exercise caution when opening emails, especially ones from unknown sources. Read the full list of recommendations here.

A direct help line has been established for anyone seeking more information or with particular personal concerns on 1800 275 268. You can also email helpline@anu.edu.au. Counselling resources have also been increased for affected members. Visit the ANU website for more details.

Join the conversation

4
All Comments
  • All Comments
  • Website Comments
LatestOldest

> ANU’s Chief Information Security Officer, Suthagar Seevaratnam, has advised the ANU community to … regularly update their passwords

No he hasn’t, and with good cause. Regularly changing your password hasn’t been considered good security practice for a long time (if it ever was). Even Microsoft will tell you as much: https://arstechnica.com/information-technology/2019/06/microsoft-says-mandatory-password-changing-is-ancient-and-obsolete/

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.