The university contacted former staff this week advising personal information was accessed off a central storage drive in the pre-Christmas cyber attack
The thieves accessed IDs and banking records. QUT confirms 11 405 people are “impacted” – including 70 students, and 2490 current staff.
So why, were the records of thousands of former members of the QUT community still held, CMM asked.
“Retention of records in our systems is done in accordance with the QUT retention policy, noting that the information was not in core university systems,” the university replied.
However, and it is a Himalaya of an “however”. “QUT acknowledges that this is an area of work for 2023 and will shortly begin systemically analysing older storage drives forensically. Going forward we will comprehensively and methodically review data storage and management practices.”
The university adds, “former staff who have not been contacted and would like to know if they have been affected, can email [email protected] “ They might also want to ask why university policy allowed for people’s personal info to be held for years after they left the university.