University of Sydney Data Breach Exposes Student, Staff Info
▼ Summary
– Hackers breached a University of Sydney online code library, stealing personal data files for over 27,000 staff, students, and alumni.
– The stolen data includes names, birth dates, phone numbers, addresses, and job details, though there is no evidence it has been published or misused.
– The university blocked the unauthorized access upon detection, secured the system, and notified relevant Australian authorities and regulators.
– Impacted individuals are being notified and offered support services, while being advised to change passwords and enable multi-factor authentication.
– This is the second data breach the university has experienced recently, following a separate third-party incident in September 2023.
A significant data breach at the University of Sydney has compromised the personal information of thousands of students and staff after hackers infiltrated an online code repository. The university confirmed the incident was contained to a single system and that unauthorized access was blocked upon detection last week. Officials have alerted key regulatory bodies, including the New South Wales Privacy Commissioner and the Australian Cyber Security Centre, while launching an investigation into the full scope of the attack.
The compromised system was primarily used for storing and developing software code. However, it also contained historical data files with sensitive personal details. The breach impacts over 27,000 individuals, including current and former staff, students, and alumni. Specifically, the data relates to approximately 10,000 current staff and affiliates, 12,500 former staff, and around 5,000 students and alumni, with datasets spanning from roughly 2010 to 2019.
Information accessed includes names, dates of birth, phone numbers, home addresses, and employment details. The university stated that while this data was downloaded by the attackers, there is currently no evidence it has been published online or misused. As one of Australia’s largest public universities, with a community of about 70,000 students and 10,000 staff, the incident underscores the persistent cyber threats facing major educational institutions.
The university has begun the process of directly notifying all affected individuals through personalized communications, a task expected to be completed within the coming month. It has also established a dedicated cyber-incident support service to offer counseling and guidance. A frequently asked questions page has been published online and will be updated as the internal investigation progresses.
All impacted individuals are strongly advised to remain vigilant against phishing attempts and unsolicited communications. The university recommends changing passwords for online accounts and enabling multi-factor authentication (MFA) wherever possible to enhance security. This event follows another data breach the university experienced in September 2023, which involved a third-party service provider and exposed information of international applicants.
(Source: Bleeping Computer)
