ANU hit by data hack
Hackers have accessed almost 20 years’ worth of personal data on ANU staff, students and visitors.
The breach occurred in late 2018, but the university only noticed two weeks ago.
“We believe there was unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years,” Australian National University Vice-Chancellor Brian Schmidt said.
Information included names, addresses, dates of birth, phone numbers, personal emails, tax file numbers, bank account details, passport details and student academic records.
It did not cover credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers and some performance records stored by the university.
The Australian Cyber Security Centre is working to secure the university’s networks and investigate the breach, which it says was the work of a “sophisticated actor”.
“This compromise is a salient reminder that the cyber threat is real and that the methods used by malicious actors are constantly evolving,” a spokesperson told AAP.
“Proper and accurate attribution of a cyber incident takes time and any attribution would be done in a measured fashion.
“Unfortunately, a malicious actor with sufficient capability, time and resources will almost always be able to compromise an internet-connected computer network.”
It is the second such announcement ANU has had to make within a year, after the institution confirmed in July last year that it was working to “contain a threat to IT within the university”.
System upgrades after the first incident reportedly allowed the university to detect the latest incident.
“We must always remain vigilant, alert and continue to improve and invest in our IT security.”
The university has set up a confidential direct help line for more information, on 1800 275 268.