Another data breach at an Australian University, this time student grades and personal information taken from University of Western Australia
August 3, 2022 |
There is a sub specialty of data breaches involving institutions of higher education. Recently in Australia there have been data breaches of the Australian National University, the University of Tasmania and most recently Deakin University. Yesterday it was reported that the University of Western Australia has suffered a significant data breach involving access of personal information and grades.
Unlike the data breaches at other universities this data breach involved the theft of laptops which held the personal information. Failure to secure bring your own devices, be they lap tops, phones, cameras, ipads etc.. is a chronic problem. These days large data breaches are generally caused by cyber attacks however, as this case highlights, the temptation for staff to store masses of personal information on lap tops for convenience in working offsite or even within a place of employment. Given this is the second data breach involving data stored on computers since 2019 the University has poor data security as well as physical security practices. If this occurred in the United Kingdom the University would be liable to receive a very significant monetary penalty. Here, not so much.
The article provides:
Hundreds of former students and staff members of Western Australia’s top university have had their most private data stolen, including grade transcripts, photos and address details.
The new data breach at the University of Western Australia is so serious WA police were alerted and have now called in the special digital forensics squad.
No financial data was obtained, just information that could potentially be used to create ID fraud and even extortion.
The school’s notable alumni includes former prime minister Bob Hawke, Andrew “Twiggy” Forrest, Canva co-founder Melanie Perkins, Liberal Senator Michaelia Cash, Resources Minister Madeleine King, former WA Governor and Labor leader Kim Beazley and former Indonesian Vice President, Boediono.
Those impacted were alerted by Vice-Chancellor Professor Amit Chakma late last week.
“The data that has been accessed is student information held in Callista and not other current information held in other UWA systems, including our alumni database. It includes names, student IDs and images, date of birth and contact details as well as course details and unit grades of current and former students. No credit card details, tax file numbers, bank information or medical records are included in Callista,” Professor Chakma said.
A UWA spokesperson told The Oz there is no evidence that any of the data has been used.
“The breach was limited to personal data belonging to students and alumni.
“The University sincerely apologises to those impacted by this incident and wants to assure the UWA community that it is conducting a thorough investigation to prevent a similar incident from occurring again,” the spokesperson said.
It’s the second large scale data breach of WA’s only sandstone university in a number of years.
The first occurred in 2019 when a number of computers were physically stolen from the riverfront campus in Perth’s plush western suburbs.
Laptops were snatched from an administration building that contained tax file numbers and student ID numbers of Australian citizens and residents who applied to study at UWA between 1988 and 2018. It was then treated as a “data loss incident” and police were also called in.
UWA is the second university to be virtually attacked in a matter of weeks.
In June, Deakin University confirmed the personal information of more than 46,000 enrolled and past students was leaked following a data breach.
This story has been covered by itnews with Student details, photos exposed in University of WA data breach, gizmodo with University of Western Australia Student Details Exposed in Data Breach and Tech Business News with University of Western Australia Confirms Student Details Exposed in Data Breach.