Attackers accessed Australian National University 19-year-old data

Personal 19-year-old details of more than 200 000 people affected in the massive Australian National University breach

Australian National University confirmed data breach that leaked information dating back almost 20 years. As it was discovered a few weeks ago, the unauthorized attacker accessed the ANU systems back in 2018.^[1] This incident led to the exposure of information from 19 years ago. Australian National University Vice-Chancellor Dr. Brian Schmidt disclosed this breach in an official report for the community.^[2]

According to Schmidt, the access was gained back in 2018 and was discovered on May 17th, this year. The data breach affected personal details of staff, students, and visitors, including names, addresses, dates of birth, payroll information:

Depending on the information you have provided to the University, this may include names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed.

Fortunately, the attacker didn't access other systems where credit card credentials, travel information, medical records, police checks, and vehicle registration numbers, compensation information have been stored.

Personal staff and student data was accessed and copied, but not altered

According to the official report, there are no details that research work has been accessed or affected. The officials claim to be working closely with government security agencies to investigate the issue further, so there is no doubt that more details will be revealed after the in-depth investigation.

Since the university has been knowing about the breach for at least two weeks, the report is surfacing now to inform people who got affected, while the officials continue to build the protection in the system further.^[3]

I assure you we are taking this incident extremely seriously and we are doing all we can to improve the digital safety of our community.

The university is trying to avoid any secondary or opportunistic attacks by taking precautionary measures and encouraging people to do so too. ANU has set up a direct helpline for anyone seeking to get more information about the events. Also, additional advice was issued for people who got affected, including password resetting and tips about activities online.

Australian National University has already been affected by hackers

According to reports from July 2018, Chinese hackers accessed Australia's top-ranked university system that led to several months of fighting the threat.^[4] Although there is no specific information on these two incidents, officials retain from speculating about possible connections.

According to Dr. Schmidt, the IT protection system that was upgraded after this incident last year was the reason why the data breach was detected. Since the information regarding ANU email addresses was not accessed, students at the university were told via email about the breach around the time official report got published.

However, this is not the first data breach regarding student information and universities. We have reported back in February about the Stanford University data breach, that revealed information about students.^[5] The particular data breach occurred due to the direct vulnerability in the application used by the university and other schools to help students to access their school files.