- The threat actors involved in the attack sent phishing emails pretending to be from a trusted organization.
- The emails included a link to a fake ACU login page.
The Australian Catholic University has suffered a fresh cyberattack that resulted in the compromise of personal details of its staff. This is the second significant security breach in a month at one of the country’s tertiary institutions.
In an email, the university confirmed that a number of staff email accounts and some university systems had been compromised in a phishing attack on May 22, 2019. This enabled the hackers to steal the email accounts, calendars and bank account details of staff members.
"In a very small number of cases, staff login credentials were obtained successfully via the phishing email and were used to access the email accounts, calendars and bank account details of affected staff members," said the acting vice-chancellor Dr. Stephen Weller, The Sydney Morning Herald reported.
The threat actors involved in the attack sent phishing emails that pretended to be from a trusted organization. The emails included a link to a fake ACU login page. Once opened, the page asked victims to provide their login credentials.
"An email pretending to be from the ACU [was] tricking users into clicking on a link or opening an attachment and then entering credentials into a fake ACU login page," Dr. Weller added.
The attack on the university comes just weeks after a huge data breach at the Australian National University. The security breach at ANU had resulted in the compromise of personal data that was at least 19 years old. The personal data included information of both staff and students.
What action has ACU taken?
As a precautionary measure, the university has asked the victims to perform a password reset on their email accounts. It has also notified the banks about potential fraudulent activity.
Law enforcement agencies including the Office of the Australian Information Commissioner have been informed about the data breach.