Western Sydney University announces personal information was exposed in a major data breach between July 23 and March this year.
WSU first revealed a hack in May, reporting that records of 7,500 individuals were “subject to unauthorised access.” WSU now confirms that personal information (it appears to include staff and students) was accessed, including:
- Names, contact details, dates of birth, health information
- “Sensitive information relating to workplace conduct and health and safety”
- Government IDs
- Tax file numbers
- Superannuation details
- Bank account information
WSU adds it has no evidence of data being uploaded, has received no threats or demands and has support services in place. And in a move calculated to restrain hackers in awe of their law, it also has an interim injunction from the Supreme Court of NSW “to prevent access, use, transmission and publication of any data that is the subject of the incident.”
However, for people who are worried, WSU states, while it will “endeavour” to notify individuals about the impact on their personal information and has support services in-place otherwise they are on their own.
“Due to the volume and complexity of the data, the university will not be able to issue individual notifications to all those who may be impacted.”
WSU joins numerous other universities whose data defences have been breached, notably;
- in 2019 ANU’s human resources, financial management and student admin systems were hacked in what was then the biggest raid on a university. ANU never speculated on what the ransackers were after.
- 47 000 IDs, email addresses and mobile numbers at Deakin U were accessed in mid-2022
- also in 2022 Uni WA’s student record system (IDs, grades, contact details) was hacked
- plus National Tertiary Education Union membership records were stolen that year, with the thieves demanding payment for not selling them. The comrades did not pay-up, telling members their ban details were encrypted but that they still should “assume your sensitive personal information has been compromised”
- and last year QUT reported 11 000 personal records, were accessed, including 8000 of people who no longer worked at the university but which still had their records.
There is a bit of that about. The NSW Auditor General reported last year that the State’s universities hold personal information on staff and students from seven years to forever.
But how bad can it get?
Perhaps as bad as it got at the University of California in 2021, where a hack at a service provider led to the theft of names, addresses, phone numbers, birth dates, Social Security numbers and bank account information of employees, retirees students and their families.
