The Swinburne University of Technology has discovered sensitive data such as names, email addresses, and even contact phone numbers of its employees, students, and external parties were accidentally leaked in a data breach.

The university declared that in March 2021 it was informed that more than 5000 Swinburne staff and student personal information was published online. They also said the leaked data included event registration information from several events from 2013 onwards. At the moment, the event registration page cannot be accessed.

The Swinburne University of Technology has immediately announced the Office of the Australian Information Commissioner (OAIC), the Office of the Victorian Information Commissioner (OVIC), the Tertiary Education Quality and Standards Agency (TESQA), and the Victorian Education Department of the breach.

They have also announced that at the moment the university is contacting all the data breach victims in order to offer apologies and assistance where needed.

We took immediate action to investigate and respond to this data breach, including removing the information and conducting an audit across other similar sites,” the university said in a statement on Friday.

We sincerely apologize to all those impacted by this data breach and for any concerns, this has caused.

Source

The Australian government is prepared to implement an enhanced framework to uplift security and resilience regarding universities via the Security Legislation Amendment (Critical Infrastructure) Bill as the higher education sector in Australia might be considered a system of national significance in the near future.

The Group of Eight (Go8) comprises Australia’s leading research-intensive universities – the University of Melbourne, the Australian National University, the University of Sydney, the University of Queensland, the University of Western Australia, the University of Adelaide, Monash University, and UNSW Sydney.

Their opinion is that the government didn’t actually discover any grave infrastructure assets in the higher education and research area ergo it doesn’t feel they should be included as a critical infrastructure sector, considering the regulatory consequences.

In February 2021, Swinburne University of Technology stated that the price of positive security obligations and increased cybersecurity actions for assets considered to be systems of national importance would be hard for universities to assimilate, considering the present financial circumstances.

Therefore, the Commonwealth must ensure that universities are adequately funded to meet their responsibility of providing quality education and respond to these new security requirements.

While security from foreign interference is of paramount importance, equally important is the economic security provided by having a robust tertiary sector. We recommend that the government work closely with the sector to ensure that the legislation has minimal impact on essential university operations.

Source

Unfortunately, Swinburne University of Technology is not the only Australian university affected by a data breach in recent years. In 2018, The Australian National University (ANU) was also hit by a severe data breach, where threat actors acquired access to up to several years’ worth of data in the system that holds the university’s employees, financial administration, and student management.

In this case, the data breach was detected in 2019 and disclosed two weeks later.

Also, in February 2021, the RMIT University in Melbourne disclosed it has been hit by a phishing cyberattack, but they are working on restoring the affected systems.

During a recent Parliamentary Joint Committee on Intelligence and Security (PJCIS) inquiry regarding the national security risks affecting the Australian higher education and research sector, discussions around the two security incidents were used by Home Affairs representatives to justify the inclusion of higher education and research in the Critical Infrastructure Bill.

Heimdal Official Logo
Email communications are the first entry point into an organization’s systems.

Heimdal™ Email Fraud Prevention

Is the next-level mail protection system which secures all your incoming and outgoing comunications.
  • Deep content scanning for attachments and links;
  • Phishing, spear phishing and man-in-the-email attacks;
  • Advanced spam filters to protect against sophisticated attacks;
  • Fraud prevention system against Business Email Compromise;
Try it for FREE today Offer valid only for companies.
featured photo for heimdal news
2021.03.31 QUICK READ

Universities Targeted in Ongoing IRS Phishing Attacks

heimdal security news and updates
2021.03.22 QUICK READ

Australian Government Departments Improperly Self-Reported Cyber Compliance, ANAO Finds

heimdal security news and updates
2021.03.12 QUICK READ

University Cyberattacks Justify the Incorporation of Higher Education in Critical Infrastructure Bill

data leakage prevention cover art
2021.02.18 INTERMEDIATE READ

What You Need to Know About Data Leakage Prevention

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP