Australian Catholic University (ACU) has confessed that a data breach occurred on its systems as a result of a phishing attack. ACU said it discovered the breach on 22 May but did not say when the attack happened.
"The data breach originated from a phishing attack: An email pretending to be from ACU tricking users into clicking on a link or opening an attachment and then entering credentials into a fake ACU login page," Acting Vice-Chancellor Dr Stephen Weller said in a blog post on Monday.
"In a very small number of cases, staff login credentials were obtained successfully via the phishing email and were used to access the email accounts, calendars, and bank account details of affected staff members."
The university said it had reset the impacted user's accounts, contacted its bank, and notified the Office of the Australian Information Commissioner.
ACU added that it takes "very seriously our responsibilities to manage the security of data and the security of our IT systems".
"We also recognise the importance of cybersecurity awareness for students and staff and are reviewing ACU's cybersecurity awareness programs," Weller added.
Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia
Earlier this month, Australian National University (ANU) disclosed a breach that began late last year.
"We believe there was unauthorised access to significant amounts of personal staff, student, and visitor data extending back 19 years," Vice Chancellor Brian Schmidt wrote.
"Depending on the information you have provided to the university, this may include names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed."
ANU said it believed information was only copied, not altered.
In July last year, ANU was hit with an attack where the university said no staff, student, or research information had been taken.
Related Coverage
- SIM swap horror story: I've lost decades of data and Google won't lift a finger
- This 'most dangerous' hacking group is now probing power grids
- These are the worst hacks, cyberattacks, and data breaches of 2019 (so far)
- Australia's cybersecurity chief Alastair MacGibbon resigns
- 86% of Australia's top websites can't detect bot attacks: Research
- Employees beware: 33% of CEOs will fire you if you cause a cybersecurity breach (TechRepublic)
- Most businesses 'overconfident' in their ability to stop cybersecurity breaches (TechRepublic)