More Than 5,000 People Affected in Data Breach at Swinburne University
Email Addresses and Phone Numbers of 5,200 Swinburne Employees and 100 Swinburne Students Were Accessible on the Internet Following Data Breach.
The Swinburne University of Technology has discovered sensitive data such as names, email addresses, and even contact phone numbers of its employees, students, and external parties were accidentally leaked in a data breach.
The university declared that in March 2021 it was informed that more than 5000 Swinburne staff and student personal information was published online. They also said the leaked data included event registration information from several events from 2013 onwards. At the moment, the event registration page cannot be accessed.
The Swinburne University of Technology has immediately announced the Office of the Australian Information Commissioner (OAIC), the Office of the Victorian Information Commissioner (OVIC), the Tertiary Education Quality and Standards Agency (TESQA), and the Victorian Education Department of the breach.
They have also announced that at the moment the university is contacting all the data breach victims in order to offer apologies and assistance where needed.
We took immediate action to investigate and respond to this data breach, including removing the information and conducting an audit across other similar sites,” the university said in a statement on Friday.
We sincerely apologize to all those impacted by this data breach and for any concerns, this has caused.
The Australian government is prepared to implement an “enhanced framework to uplift security and resilience“ regarding universities via the Security Legislation Amendment (Critical Infrastructure) Bill as the higher education sector in Australia might be considered a system of national significance in the near future.
The Group of Eight (Go8) comprises Australia’s leading research-intensive universities – the University of Melbourne, the Australian National University, the University of Sydney, the University of Queensland, the University of Western Australia, the University of Adelaide, Monash University, and UNSW Sydney.
Their opinion is that the government didn’t actually discover any grave infrastructure assets in the higher education and research area ergo it doesn’t feel they should be included as a critical infrastructure sector, considering the regulatory consequences.
In February 2021, Swinburne University of Technology stated that the price of positive security obligations and increased cybersecurity actions for assets considered to be systems of national importance would be hard for universities to assimilate, considering the present financial circumstances.
Therefore, the Commonwealth must ensure that universities are adequately funded to meet their responsibility of providing quality education and respond to these new security requirements.
While security from foreign interference is of paramount importance, equally important is the economic security provided by having a robust tertiary sector. We recommend that the government work closely with the sector to ensure that the legislation has minimal impact on essential university operations.
Unfortunately, Swinburne University of Technology is not the only Australian university affected by a data breach in recent years. In 2018, The Australian National University (ANU) was also hit by a severe data breach, where threat actors acquired access to up to several years’ worth of data in the system that holds the university’s employees, financial administration, and student management.
In this case, the data breach was detected in 2019 and disclosed two weeks later.
Also, in February 2021, the RMIT University in Melbourne disclosed it has been hit by a phishing cyberattack, but they are working on restoring the affected systems.
During a recent Parliamentary Joint Committee on Intelligence and Security (PJCIS) inquiry regarding the national security risks affecting the Australian higher education and research sector, discussions around the two security incidents were used by Home Affairs representatives to justify the inclusion of higher education and research in the Critical Infrastructure Bill.
Heimdal® Email Security
- Completely secure your infrastructure against email-delivered threats;
- Deep content scanning for malicious attachments and links;
- Block Phishing and man-in-the-email attacks;
- Complete email-based reporting for compliance & auditing requirements;