ANU’s data breach disaster

Staff and student personal records were accessed last year, the university only discovered it occurred a fortnight ago

What happened:  Vice Chancellor Brian Schmidt warned the university community yesterday of “unauthorised access“ to staff and student personal details over 19 years.

Data that was copied, “may include,” *names and addresses, * dates of birth, * phone numbers, * personal emails, * bank account details, * tax file numbers, and * passport details.

The university says files, including credit cards and other personal records are not affected, even so there is surely enough ID info out there for identify theft.

Professor Schmidt says the breach occurred in late 2018 and was discovered a fortnight ago. It was picked up by system upgrades installed after last July’s data breach (CMM July 9 2018).

The vice chancellor adds there is no, “evidence that research work has been effected.” Last year’s hack led to speculation that state actors were looking to penetrate ANU national security research partnerships with the Commonwealth.

And how: Who knows, ANU did not a couple of weeks back. But ANU-ites suggest that an IT restructure, combined with an early retirement scheme left the university lighter-on for deep-knowledge of university systems a couple of years back.

What happens next: The VC suggests, “we can all change our passwords regularly, be vigilant about where we keep our information and be alert to suspicious activity.”

Professor Schmidt also assures staff, “we have invested heavily in IT security in the past 12 months and that investment has been successful in the sense that it reduced the risk presented by many attackers and it helped us detect this sophisticated intrusion.”

Which does not answer obvious questions: What practical measures will the university take to protect staff past and present now at risk of identity theft? Are the hackers interested in specific members of the national security research community? Does the university really think soothing words for staff and suggestions about changing passwords will do?

And the inevitable one – who in ANU management is accountable for this disaster?

But while there are questions there are no answers, yesterday afternoon ANU said it was not doing interviews.


Subscribe

to get daily updates on what's happening in the world of Australian Higher Education