Hackers gained access to an online coding repository belonging to the University of Sydney and stole files with personal information of staff and students.
The institution said the breach was limited to a single system and was detected last week. It promptly shut down the unauthorized access and notified the New South Wales Privacy Commissioner, the Australian Cyber Security Centre, and education regulators.
"Last week, we were alerted to suspicious activity in one of our online IT code libraries. We took immediate action to protect our systems and community by blocking the unauthorised access and securing the environment," reads the announcement.
"While principally used for code storage and development, unfortunately, there were also historical data files in this code library containing personal information about some members of our community."
The personal data stolen in the attack impacts more than 27,000 individuals as follows:
10,000 current staff and affiliates employed or affiliated as of 4 September 2018
12,500 former staff and affiliates from the same date
5,000 students and alumni (from datasets dated roughly 2010–2019), plus six supporters
The staff data includes names, dates of birth, phone numbers, home addresses, and job details.
Although the university confirmed that this data was accessed and downloaded, it underlined that it found no evidence that it had been published online or misused.
... continue reading