The Australian National University has been hacked by a “sophisticated operator,” and the data of many staff and students has been accessed.
The university’s systems were accessed in late 2018, but the institution only realised the breach two weeks ago. The personal data of staff, students, and visitors to the Australian National University dating back almost 20 years were reported to have been accessed.
“We believe there was unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years,” Vice-Chancellor Brian Schmidt said on June 4.
Information that has been accessed includes some names, addresses, dates of birth, phone numbers, personal emails, tax file numbers, bank account details, passport details, and student academic records.
The hacking did not affect credit card details, travel information, medical records, police checks, workers’ compensation, vehicle registration numbers and some performance records stored by the university.
Shadow treasurer Jim Chalmers, a former student of the ANU, said the breach was very concerning.
“It appears to be quite a serious hack,” he told reporters in Brisbane.
“No doubt more details will be discovered as the police go about their work, and we’ll wait to see the conclusions of that investigation.”
The Australian Cyber Security Centre is working with the university to secure networks, protect users, and investigate the extent of the breach.
It believes the attack was the work of a “sophisticated actor.”
“This compromise is a salient reminder that the cyber threat is real and that the methods used by malicious actors are constantly evolving,” a spokesperson told AAP.
“Proper and accurate attribution of a cyber incident takes time and any attribution would be done in a measured fashion.
“Unfortunately, a malicious actor with sufficient capability, time and resources will almost always be able to compromise an internet-connected computer network.”
The hack is the second ANU has suffered within a year, with the institution confirming in July last year it was working to “contain a threat to IT within the university.”
It remains unclear if the hacks are related. The first hack, which failed to gather any sensitive information, was said by national security sources at the time to be the work of the Chinese Communist regime.
The university presents an attractive target for state actors given its close association with the federal government and its important strategic schools such as the National Security College, the Strategic and Defence Studies Centre, and the Crawford School of Public Policy.
System upgrades that ANU undertook after that incident had allowed it to detect the latest incident, Professor Schmidt said.
“We must always remain vigilant, alert and continue to improve and invest in our IT security.”
The university has set up a confidential direct helpline—1800 275 268—for anyone seeking more information or with particular concerns.
“I know this will cause distress to many in our community and we have put in place services to provide advice and support,” Professor Schmidt said.
The university’s chief information security offer has also issued a range of advice, including resetting passwords and being cautious about opening some emails.
With reporting by Epoch Times staff.