The Australian National University was subject to a massive data attack in late 2018. However, the attack was discovered by a sophisticated operator two weeks ago, said the university in a statement. It was found that data dating back to at least 19 years was accessed by the attackers. It is estimated that nearly 200,000 people might be affected by this data breach.
“We believe there was unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years,” said Brian Schmidt, vice-chancellor of ANU to ABC News.
According to the university’s official statements, details including names, date of birth, addresses, phone numbers, personal email addresses, tax file numbers, bank account details, payroll information, emergency contact details, passport details, and student academic records were accessed.
However, more sensitive information such as credit card details, travel information, medical records, police checks, vehicle checks, and workers’ compensation information wasn’t accessed. It is also found that the research work remained unaffected.
It is reported that the university chose to disclose the information two weeks after discovering the hack as it wanted to strengthen its IT and cybersecurity measures first. The vice-chancellor Schmidt said that their chief information security will issue advice and measures to be taken against such attacks.
It is to be noted that this data breach happens to have taken place after another cybersecurity breach in early 2018 where cyber attackers from China hacked into the university’s database.
Tom Uren, a senior analyst and a cybersecurity expert at the Australian Strategic Policy Institute said that it would be too early to speculate who was behind the attack. But then, in his opinion, China might likely be the culprit of this attack as well.
He also said that universities are a good place to find personal details and hence, when the alumni of the university end up working in federal agencies, the university database could be a good place to find their personal details.
The Australian Signals Directorate said that it was working with ANU to secure the networks and protect the users. The ASD will also look into the breach and investigate it further.