Australian Catholic University suffers a data breach…another university gets hacked

June 17, 2019

Earlier this month the Australian National University suffered a data breach, see my post here. Now the Fairfax press reports, in “Australian Catholic University staff details stolen in fresh data breach”, that the Australian Catholic University has suffered a data breach in which personal information has been stolen. The hackers found their way into the ACU’s system with a phishing attack, something that shouldn’t happen if staff are properly trained. The starting point with any email is to be wary if, out of the blue, someone from within the organisation wants a link clicked or an attachment opened.

As the article makes clear, universities had been put on notice that they were vulnerable to cyber attacks. Unfortunately, being told and doing something about it are two different things.

The article provides:

The Australian Catholic University has revealed the sensitive personal information of staff members has been stolen in a cyber attack, in the second significant security breach revealed in a month to have occurred at one of the country’s tertiary institutions.

In an email circulated on Monday afternoon, the university confirmed a number of staff email accounts and some university systems had been compromised in a phishing attack on May 22.

“In a very small number of cases, staff login credentials were obtained successfully via the phishing email and were used to access the email accounts, calendars and bank account details of affected staff members,” acting vice-chancellor Stephen Weller wrote.

“The university deeply regrets that this data breach has occurred.”

The attack comes just weeks after a huge data breach at the Australian National University in which 19 years’ worth of staff and student personal data were stolen in a “sophisticated” cyber attack. 

The Auditor-General has warned that NSW universities remain vulnerable to cyber attacks because of “repeated” failures to fix weaknesses in their IT systems.

In phishing attacks, the hacker masquerades as a trusted or genuine organisation and asks the victim to provide their personal details.

“An email pretending to be from the ACU [was] tricking users into clicking on a link or opening an attachment and then entering credentials into a fake ACU login page,” Dr Weller said.

Dr Weller said the victims of the breach had their details reset and banks were notified about potentially fraudulent activity.

The relevant agencies were notified, including the Office of the Australian Information Commissioner.

Students and staff were urged to be aware of potential phishing emails and to consider updating their passwords for non-university accounts.

“It is important to remember that ACU credentials give access to a number of university systems so it is vital to keep login credentials secure,” Dr Weller said.

The Australian Catholic University has just under 35,000 students enrolled across its seven campuses in Australia and an international campus in Rome.

The university’s two Sydney campuses are located at Strathfield and North Sydney.

A student, who spoke on the condition of anonymity, said he was concerned that cyber attacks on universities appeared to be becoming more frequent. However, he praised the university for alerting students to the attack.

“It is refreshing to see an organisation come clean about the breach so quickly whereas many others seem to delay until they have either been caught out or completely addressed the situation,” the student said.
