Australia’s leading research university has been the target of a significant cyber attack, with a “sophisticated actor” accessing large amounts of student and staff data from the last two decades.
The Australian National University confirmed on Tuesday that a “sophisticated operator” successfully accessed its systems late last year and copied the personal information of staff and students dating back nearly two decades.
The university said it discovered the attack on 17 May, more than six months after it had taken place.
It’s the second time the university has been the subject of a cyberattack, after reports last year that China-based hackers had infiltrated its systems.
The information that has been breached includes an information provided to the university by staff, students and visitors, including names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, passport information and student academic records.
The wide range and amount of information accessed has led to concerns that it could be used for identity theft.
The university said the separate system used to store credit card details, travel information, medical records, police checks, workers’ compensation, vehicle registration numbers and performance records had not been breached.
The university also said it has “no evidence” that research work had been accessed by the “sophisticated actor”, with the university being home to Australia’s leading national security college and a series of important defence research projects.
ANU vice-chancellor Brian Schmidt confirmed that the university had been a victim of a “data breach that has affected personal data belonging to our community”, with a “sophisticated actor” believed to be behind it.
“The university has taken immediate precautions to further strengthen our IT security and is working continuously to build on these precautions to reduce the risk of future intrusion.
For the past two weeks, our staff have been working tirelessly to further strengthen our systems against secondary or opportunistic attacks,” Professor Schmidt said.
“I assure you we are taking this incident extremely seriously and we are doing all we can to improve the digital safety of our community,” he said.
“We are all affected by this and it is important we look after one another as our community comes to terms with the impact of this breach.”
Despite the significance and size of the attack, the university declined to provide an interview with a representative and refused to answer further questions.
“The University has provided the ANU community with all the information we have to hand, and won’t be making further comment,” the ANU media spokesperson said.
Tech security expert and founder of Have I Been Pwned Troy Hunt said the data breach is significant and could have serious ramifications for those impacted by it.
“The ANU breach may have a serious impact on those caught up in it due to the sensitivity of data such as banking and passport info. It also demonstrates how these incidents can go undetected for long periods of time, around six months in this case,” Mr Hunt told InnovationAus.com.
Mr Hunt also questioned why ANU still stored the personal information from staff and students from nearly two decades ago.
“There’s also a question to be asked about why data dating back 19 years was still stored – what purpose did this serve? The old adage of ‘you cannot lose what you do not have’ seems applicable here,” he said
The breach was been referred to security agencies after it was identified by the university on 17 May. The university believes the data has been accessed and copied, but not modified, and it is steering clear of placing any blame for the attack so far.
“Attribution is difficult, and we are not able to attribute this attack. This data breach has been referred to the appropriate agencies. The core issue for us is the safety of our community and protecting the integrity of our data,” the university said.
Australia’s spy agency, the Australian Signals Directorate, confirmed that it is investigating the breach through the Australian Cyber Security Centre, and is working with ANU to secure the networks.
“This compromise is a salient reminder that the cyber threat is real and that the methods used by malicious actors are constantly evolving,” an ASD spokesperson told InnovationAus.com in a statement.
“Unfortunately, a malicious actor with sufficient capability, time and resources will almost always be able to compromise an internet-connected computer network.”
The ANU was also the target of a successful hacking attempt earlier last year that was believed to have been conducted by China-based actors.
New security precautions put in place following the cyberattack last year allowed the university to detect the latest breach, although this happened well after it took place.
“As you know, this is not the first time we have been targeted. Following the incident reported last year, we undertook a range of upgrades to our systems to better protect our data. Had it not been for those upgrades, we would not have detected this incident,” Professor Schmidt said.
“We must always remain vigilant, alert and continue to improve and invest in our IT security.”
ANU’s chief information security officer has advised all university students and staff to change their password, implement two-factor authentication and be an alert for suspicious phishing emails.