Australian National University breached with 19 years of data accessed

Attackers got into ANU systems during late 2018 and were discovered two weeks ago.
Written by Chris Duckett, Contributor
(Image: ANU)

Australian National University Vice Chancellor Brian Schmidt disclosed a massive breach on the university's systems on Tuesday morning.

The breach was discovered a fortnight ago on May 17, with the university being first accessed during "late 2018".

"We believe there was unauthorised access to significant amounts of personal staff, student, and visitor data extending back 19 years," Schmidt wrote.

"Depending on the information you have provided to the university, this may include names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed."

The Vice Chancellor said systems involving research work, credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers, and some performance records were not caught up in the breach.

Those concerned about the breach can call 1800 275 268 or email helpline@anu.edu.au for more information.

The university is advising immediate password resets, and added that information in ANU email accounts were not hit.

ANU said it believes information was only copied, not altered.

"Organisationally, we have invested heavily in IT security in the past 12 months and that investment has been successful in the sense that it reduced the risk presented by many attackers, and it helped us detect this sophisticated intrusion," ANU said in a FAQ.

"We need to keep investing in security. On an individual level, we can all change our passwords regularly, be vigilant about where we keep our information and be alert to suspicious activity."

At this stage, the university is not pointing the finger.

"Attribution is difficult, and we are not able to attribute this attack. This data breach has been referred to the appropriate agencies," it said. "The core issue for us is the safety of our community and protecting the integrity of our data."

In July last year, ANU was hit with an attack where the university said no staff, student, or research information had been taken.

ANU is home to the National Security College which trains defence and intelligence officials out of Canberra.

Related Coverage

ANU claims Australians want government to use data for better-targeted benefits

Respondents to its survey said they wanted the data to be used to make sure the right people were receiving the right benefits, the Australian National University has reported.

ANU applies space tech to predict future droughts and bushfires

The university used space technology to predict droughts and increased bushfire risk up to five months in advance.

ANU successfully measures light for quantum internet data transfer

The quantum internet will require fast-moving data and the Australian National University believes it has found a way to measure information stored in light particles which will pave the way for a safe "data superhighway".

ANU develops part-organic semiconductor

The university said the invention could help make devices such as mobile phones bendable.

Australian National University still tight-lipped on system breach

Reports have indicated the breach originated in China, with the finger pointed at the Chinese government.

Editorial standards