Australian National University: 19 Years of Data Copied
Hackers Stole 'Significant Amounts' of Student, Staff Data
Australian National University has detected a data breach that resulted in the copying of "significant amounts" of staff and student data stretching back 19 years.
The intrusion began in late 2018 and was detected on May 17, the university reports.
"For the past two weeks, our staff have been working tirelessly to further strengthen our systems against secondary or opportunistic attacks," says ANU's Vice-Chancellor Brian Schmidt, in a notice posted Tuesday on the university's website.
The compromised data includes names, addresses, birth dates, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, passport details and student academic records.
Research work was not affected, Schmidt writes. Also, the systems that store "credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers, and some performance records have not been affected."
University: Low Risk
In a separate FAQ the university writes: "We don't believe there is a risk as a result of this data breach."
Nevertheless, the university says it has notified the Australian Tax Office "about the data breach and will be securely providing the ATO with details of all tax file numbers so they can be monitored for any unusual or suspicious activity."
According to the ATO's website: "Data breaches are often a precursor for refund fraud." Australia's financial year ends this month, and after that, taxpayers will begin filing their returns.
The university didn't reveal the number of records breached, but said all were affected.
Schmidt writes that the university detected the latest incident thanks to system upgrades it undertook after another serious incident last year.
In July 2018, the Sydney Morning Herald reported, citing anonymous sources, that China-based hackers compromised the university's systems.
The university said this week that it sought help from the Australian government, which runs the Australian Cyber Security Center, which is part of the Australian Signals Directorate.
ACSC says in a statement that it is working with the university to secure its network and investigate the full extent of the compromise. It says that the attack "does appear to be the work of a sophisticated actor. Unfortunately, a malicious actor with sufficient capability, time and resources will almost always be able to compromise an internet-connected computer network."
University IT: It's Complicated
As one of Australia's top universities, Australian National University may present an attractive target due to its national security connection with the government. It runs the National Security College, a specialist graduate studies school that's a joint initiative with the government.
It also runs a respected computer science program, including a course on offensive cyber operations that's designed to teach students how "to identify and test systems for vulnerabilities without full knowledge or direct access."
Higher education institutions continue to be a target for espionage, says Tim Wellsmore, who formerly worked with the ACSC and is now FireEye's director of government security programs in Asia-Pacific. A variety of state-linked threat actors target the sector, he says.
"These institutions hold extensive information that is valuable to nation-state actors, including research related to national security, its faculty's communications and contacts, personal information and intellectual property," Wellsmore says.
Academic networks, he says, are often very large and "notoriously challenging to secure and monitor, which can make them prime targets for attackers."
Like many other countries, Australia has battled suspected state-sponsored hacking groups. In February, Prime Minister Scott Morrison said a "sophisticated state actor" was likely behind a breach of Parliament's network (see: Hack Attack Breaches Australian Parliament Network). The breach exposed lawmakers' email archives.
Australia took quick action after the breach, but in the process of remediation destroyed forensic evidence that may have provided more clues about the attackers. Morrison didn't identify the nation suspected to have breached the network (see: Suspected State-Sponsored Hackers Pummel US and Australia).