Australian National University suffered data breach impacting its staffs and students

• The compromised systems contain personal information of staffs and students including names, addresses, dates of birth, phone numbers, email addresses, contact details, tax file numbers, employee payroll information, bank account details, passport details, and student academic records.
• The VC further confirmed that there is no evidence that research work has been compromised.

The Vice-Chancellor of Australian National University disclosed that they have discovered a data breach two weeks ago that has compromised the personal data of its staff and students.

The big picture

Upon discovery, ANC conducted an investigation and found out that an unauthorized third-party gained access to the University’s internal systems in late 2018.

“We believe there was unauthorized access to significant amounts of personal staff, student and visitor data extending back 19 years,” Vice Chancellor Brian Schmidt said.

• ANC is working closely with Australian government security agencies and industry security partners to conduct an extensive investigation to determine the source and nature of the incident.
• The University has also taken security measures to enhance its IT security in order to prevent such incidents from happening in the future.
• Schmidt added that CISO will be issuing advice on how to better protect our systems and that he strongly recommends everyone to implement those precautionary measures.

“As you know, this is not the first time we have been targeted. Following the incident reported last year, we undertook a range of upgrades to our systems to better protect our data. Had it not been for those upgrades, we would not have detected this incident,” Schmidt said.

What is the impact?

The compromised systems contain personal information of staffs and students including names, addresses, dates of birth, phone numbers, email addresses, contact details, tax file numbers, employee payroll information, bank account details, passport details, and student academic records.

However, the systems that hold credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers, and performance records have not been affected.

The VC further confirmed that there is no evidence that research work has been compromised.

“I assure you we are taking this incident extremely seriously and we are doing all we can to improve the digital safety of our community. We are all affected by this and it is important we look after one another as our community comes to terms with the impact of this breach,” Schmidt concluded.