The Swinburne University of Technology in Australia has confirmed a data breach in which personal information on staff, students, and third parties was compromised and stolen by bad actors. The personal information contained names, email addresses, and phone numbers of some students, staff, and external parties.
The University first learned about the breach last month. It found that information on around 5,200 staff and 100 students was publicly available online.
Swinburne said this data was event registration information that students and staff submitted for various events from 2013 onwards.
The University said it undertook immediate measures to mitigate the impact of the attack.
“We took immediate action to investigate and respond to this data breach, including removing the information and conducting an audit across other similar sites,” the university said in a statement on Friday.
The school is currently contacting students, staff, and other individuals whose information leaked, and has publicly apologized to them and offered appropriate support.
“We sincerely apologise to all those impacted by this data breach and for any concerns this has caused… We are also contacting around 200 other individuals not connected to Swinburne who had registered for the event and whose information was also made available,” the school said.
The University reported the breach to the Office of the Australian Information Commissioner (OAIC), the Office of the Victorian Information Commissioner (OVIC), the Tertiary Education Quality and Standards Agency (TEQSA), and the Victorian Education Department.
In the midst of increased attacks, the Australian government is preparing to enforce an “enhanced framework to uplift security and resilience” upon universities via the Security Legislation Amendment (Critical Infrastructure) Bill 2020. The higher education sector may soon become systems of national significance. However, this meets opposition from the Group of Eight (Go8) – the eight major Australian universities – which believes there are no critical infrastructure assets in the higher education and research sector and that it should therefore not be included as a critical infrastructure sector.
“The Go8 considers the catch-all nature of the legislation as proposed for the higher education and research sector to be highly disproportionate to the likely degree and extent of criticality of the sector,” Go8 said in February.