Australian National University Data Breach Exposes 19 Years of Student Data (Jun 4, 2019)
The Australian National University has disclosed a massive breach on the university’s systems, involving the unauthorized access to significant amounts of personal staff, student, and visitor data extending back 19 years. Student academic records were accessed, as well as information provided to the university for administrative purposes. This additional information may include addresses, bank account details, dates of birth, emergency contact details, names, passport details, payroll information, personal email addresses, phone numbers, and tax file numbers. The university’s Vice Chancellor Brian Schmidt stated that systems involving research work were not impacted in the breach. At this stage of the investigation, the university has not been able to attribute the attack to any known actor, and have referred the data breach to the Australian authorities.
Recommendation: The exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measures to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applying for financial services from taking place by actors using stolen data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.