Australia National University (ANU) has disclosed a data breach that affected some information of its community members dating back 19 years.
On 4 June, ANU Vice-Chancellor Brian Schmidt revealed that the school had discovered a data breach in May. An analysis of the event uncovered that someone had accessed the school’s systems illegally back in 2018. This effort also provided crucial information about the nature of the security incident and what data it had likely exposed.
As Schmidt explained in his statement:
We believe there was unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years.
Depending on the information you have provided to the University, this may include names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed.
Schmidt clarified that the incident did not affect the systems on which the university stores travel information, medical records, vehicle registration numbers and other data. He also went on to say that those behind this data breach had not gained access to research conducted at the school.
This isn’t the first time that Australia National University has suffered a security incident. In summer 2018, news emerged of a security event at ANU where digital attackers compromised its systems. The school responded by strengthening its digital security measures, upgrades which according to Schmidt helped the university detect this latest data breach.
After discovering the incident in May, ANU implemented additional changes to further bolster the defensive posture of its systems. Schmidt revealed that the university also created a direct help line which people can call to ask questions and express their concerns.
Schmidt said he expects that the CISO of Australia National University will soon identify certain measures which everyone in the ANU community can take to help protect the school against similar incidents going forward.
While faculty, staff and students await this advice, they can follow these tips to protect themselves against the threat of identity thieves.