Australian Catholic University phished with staff accounts and systems compromised

Staff bank accounts details breached along with email and calendars.
Written by Chris Duckett, Contributor

Australian Catholic University (ACU) has confessed that a data breach occurred on its systems as a result of a phishing attack. ACU said it discovered the breach on 22 May but did not say when the attack happened.

"The data breach originated from a phishing attack: An email pretending to be from ACU tricking users into clicking on a link or opening an attachment and then entering credentials into a fake ACU login page," Acting Vice-Chancellor Dr Stephen Weller said in a blog post on Monday.

"In a very small number of cases, staff login credentials were obtained successfully via the phishing email and were used to access the email accounts, calendars, and bank account details of affected staff members."

The university said it had reset the impacted user's accounts, contacted its bank, and notified the Office of the Australian Information Commissioner.

ACU added that it takes "very seriously our responsibilities to manage the security of data and the security of our IT systems".

"We also recognise the importance of cybersecurity awareness for students and staff and are reviewing ACU's cybersecurity awareness programs," Weller added.

Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia  

Earlier this month, Australian National University (ANU) disclosed a breach that began late last year.

"We believe there was unauthorised access to significant amounts of personal staff, student, and visitor data extending back 19 years," Vice Chancellor Brian Schmidt wrote.

"Depending on the information you have provided to the university, this may include names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed."

ANU said it believed information was only copied, not altered.

In July last year, ANU was hit with an attack where the university said no staff, student, or research information had been taken.

Related Coverage

Editorial standards