University of Sydney data breach compromises personal data of over 27,000 staff and students
Take action: We've seen secrets in code, but storing PII in code repository is totally weird, especially when you think of the code repository of just program code and forget the data files.
Learn More
The University of Sydney is reporting a data breach that exposed sensitive personal information of more than 27,000 current and former staff members, students, and alumni.
The breach occurred when attackers gained access to an online coding repository, successfully downloading historical data files that were improperly stored within the system.
The compromised system was primarily designed for code storage and development purposes, but investigators discovered it also contained historical data files with personal information dating back several years. The breach impacted 10,000 current staff and affiliates who were employed or affiliated as of September 4, 2018, approximately 12,500 former staff and affiliates from the same reference date, and roughly 5,000 students and alumni from datasets spanning approximately 2010 to 2019, along with six supporters.
The exposed personal data includes:
- Names
- Dates of birth
- Phone numbers
- Home addresses
- Job details (for staff members)
The nature of the attack is not disclosed.
The University of Sydney expects to complete individual notifications by next month and has established a dedicated cyber-incident support service to provide counseling and assistance to those impacted. Authorities including the New South Wales Privacy Commissioner, the Australian Cyber Security Centre, and education regulators were notified of the incident.
