CISO Corner

University of Sydney Data Breach

An image of the words "University of Sydney" in front of the organisations "The Quadrangle" building.

What Has Happened?

The University of Sydney has announced they have experienced an attack in their supply chain, this occurs when an attack and/or a data breach has occurred on an organisation’s third-party service providers. This has resulted in the exposure of personal student information. “We took immediate steps to secure our systems and contain the incident”, the University stated in their announcement. The relevant authorities and the New South Wales privacy commissioner have also been notified of the incident.

The public university started operations in 1850 and has nearly 70,000 students and about 8,500 academic and administrative personnel. It is considered one of Australia’s most important educational institutes.

The issue was isolated to a single platform and had no impact on other University systems. It is unclear if the intruder picked the time of the attack deliberately or if it was an opportunistic endeavour. This incident follows a previous breach in 2020 involving a proctoring platform provider. Unfortunately, higher education institutions are often targeted by attackers due to the valuable data held, perceived vulnerabilities, and low tolerance for outages.

Information Stolen

This breach has resulted in the exposure of personal information belonging to recently applied and enrolled international applicants. While the full extent of the compromised data and the number of affected individuals are still being determined, the University has announced that the preliminary investigation found no evidence that local students, staff, or alumni have been impacted.

The University is currently in the process of determining the specific type of data that has been accessed, and all students affected will be contacted and receive the required support to mitigate the risk of exposure. At this point, there is no evidence indicating of any misuse of the personal information accessed.

This incident has demonstrated the ongoing need for heightened cybersecurity measures in higher education institutions. It is vital for institutions to remain vigilant and address perceived vulnerabilities to protect the sensitive information of their staff, students, and maintain trust with their stakeholders.

Official updates and further information from the University will be published on their website.

Sources:

Bleeping Computer

University of Sydney

Nquiring minds

Submit a Comment

Your email address will not be published. Required fields are marked *