ANU Cyber Breach, Students and Staff’s Personal Data Stolen
Personal data of nearly 200,000 students and staff members of the Australian National University were in a “sophisticated” cyber-attack. The trend shows that a similar breach happened to the Chinese government last year.
The university admitted that hackers were stealing data dating back 19 years and included banking information, passport information, as well as past and current academic and personal records.
Vice-chancellor Brian Schmidt said the university was working with government security agencies to investigate the breach, which occurred in late 2018 and was detected two weeks ago.
Brian Schmidt the Vice-Chancellor said the university was working with government security agencies to investigate the cyber-attack.
“We believe there was unauthorized access to significant amounts of personal staff, student and visitor data extending back 19 years,” Professor Schmidt said in a letter to students and staff.
“Depending on the information you have provided to the university, this may include names, addresses, dates of birth, phone numbers, personal email addresses, and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed.”
There was “no evidence” research work had been affected said, Professor Schmidt.
A spokesperson of the university estimated the number of people affected to be 200,000, depending on the annual number of students and staff turnover.
Stephen Lockstep, an information security analyst at Constellation Research, questioned why the ANU was keeping so many years’ worth of data in systems that were connected to the internet. “Assuming that some of the 19-year-old data is for long-gone ANU students and staff, why does anyone at the university need ready online access to such old data?” he said.
Authorities said it was too early to say who was behind the attack, or whether it was linked to a separate violation of the university’s systems more than a year ago.
Education Minister Dan Tehan has announced that he will invite the country’s vice-chancellors to a briefing with the Australian government’s cybersecurity center to ensure that they are up to date on cybersecurity.
“Universities have a responsibility to protect the information they hold about individuals and the research they are conducting,” he said.
The ANU is considered an attractive destination because of its close ties to the Australian Government. Many students continue to work in the federal government, and many government officials, including military personnel, complete part-time career education at the university.
According to sources ‘stealing data of staff and students, hackers can develop long-term visions of students and staff who continue to hold critical positions in the Canberra bureaucracy.
A spokesman for the electronic spy agency, the Australian Signals Directorate, confirmed the agency was working to “secure the networks, protect users and investigate the full extent of the compromise”.