Key Takeaways
- The University of Sydney has been targeted in a cyberattack, resulting in the compromise of personal information of approximately 20,000 staff, affiliates, alumni, and students.
- The accessed information includes names, dates of birth, phone numbers, home addresses, job titles, and employment dates.
- The university has taken immediate action to protect its systems and community, and is working with cybersecurity partners to monitor the dark web for any potential misuse of the compromised data.
- The incident is unrelated to a recent student results issue, and the university is notifying affected parties and recommending proactive steps to protect their information.
Introduction to the Cyberattack
The University of Sydney has fallen victim to a cyberattack, resulting in the unauthorized access of personal information of thousands of individuals associated with the institution. The attack, which targeted the university’s online code library, compromised historical data files containing sensitive information about current and former staff, affiliates, alumni, and students. According to Vice President of Operations Nicole Gower, the incident occurred last week, and the university has taken swift action to protect its systems and community.
Extent of the Data Breach
The cyberattack has resulted in the compromise of personal information of approximately 20,000 individuals, including about 10,000 current and 12,500 former staff and affiliates who were at the university as of September 4, 2018. Additionally, the personal information of 5,000 alumni and students, as well as six donors from 2010 to 2019, was also accessed. The compromised information includes names, dates of birth, phone numbers, home addresses, job titles, and employment dates. The university has estimated that the incident has impacted around 20,000 staff and affiliates, and is working to notify all affected parties by January.
University’s Response to the Incident
The University of Sydney has taken immediate action to protect its systems and community, blocking unauthorized access and securing the environment. The university has also purged the data sets from its code library and is working with cybersecurity partners to monitor the dark web for any potential misuse of the compromised data. According to the university, there is currently no evidence of misuse, but it will communicate with staff again if any such publication is discovered. The university has also notified several agencies about the cybersecurity incident, including the NSW Privacy Commissioner, Australian Cyber Security Centre, the Tertiary Education Quality and Standards Agency, the National Student Ombudsman, and ID Support NSW.
Recommendations for Affected Individuals
The university is recommending that individuals take proactive steps to protect their information as a precautionary measure. This includes monitoring their personal accounts and credit reports for any suspicious activity, and being cautious when receiving unsolicited emails or phone calls. The university is also providing support and resources to affected individuals, including access to identity protection services and counseling. It is essential for individuals to be vigilant and take steps to protect their personal information, as the consequences of identity theft and cybercrime can be severe and long-lasting.
Investigation and Next Steps
The University of Sydney is working closely with cybersecurity experts and law enforcement agencies to investigate the incident and determine the cause of the breach. The university is also conducting a thorough review of its cybersecurity protocols and procedures to prevent similar incidents from occurring in the future. The incident highlights the importance of robust cybersecurity measures and the need for institutions to prioritize the protection of personal information. As the university continues to investigate and respond to the incident, it is essential for individuals to remain vigilant and take proactive steps to protect their information.