Australian Uni Hit With Huge Data Breach Going Back 19 Years

The Australian National University has been hit with a huge data breach of personal information from staff, students and visitors that dates back almost two decades. 

A "sophisticated operator" illegally accessed the university's systems late last year, but the breach was only detected two weeks ago, Vice Chancellor Brian Schmidt said in a statement on Tuesday.

He said a "significant" amount of personal staff, student and visitor data going back 19 years was believed to be accessed.

That includes some names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account and passport details.

Australian National University. PHOTO: Google Maps

Student academic records were also accessed but store credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers and some performance records were not affected.

There is also no evidence that research work has been compromised.

"That is what we know," Schmidt said.

"We're working closely with Australian government security agencies and industry security partners to investigate further."

Schmidt said the university has known about the hack for two weeks and has been working to strengthen systems against "secondary or opportunistic attacks".

"The University has taken immediate precautions to further strengthen our IT security and is working continuously to build on these precautions to reduce the risk of future intrusion," he said.

This is the second hack ANU has suffered this year, with the institution last July confirming it was working to "contain a threat to IT within the university".

No staff, student or research information was accessed on that occasion, it said at the time.

Image: Getty Images.

Schmidt on Tuesday said the previous incident prompted the the university to undertake a range of system upgrades.

"Had it not been for those upgrades, we would not have detected this incident," he said.

The university has set up a confidential helpline for anyone who is seeking more information or has particular concerns.

The Chief Information Security Officer has also issued a series of safeguards, including resetting passwords, looking out for phishing and scam emails and using current operating systems.

Featured image: Google Maps