ACU discloses data breach


By Dylan Bushell-Embling
Tuesday, 18 June, 2019


ACU discloses data breach

The Australian Catholic University has become the latest Australian university to report a data breach on its systems.

The cyber attack compromised “a number of staff email accounts and some university systems”, the university’s Acting Vice Chancellor Dr Stephen Weller said in an advisory.

According to Weller, the breach initiated from a phishing attack targeting ACU staff login credentials, which was successful in “a very small number of cases”. The attackers used the login credentials to access their victims’ email accounts, calendars and bank account details.

The ACU has now contacted each person identified as being directly affected and reset their online accounts, and has sent notifications to its bank, the Tertiary Education Quality and Standards Agency (TEQSA), the Office of the Australian Information Commissioner (OAIC) and the Australian Cybercrime Online Reporting Network (ACORN).

The ACU’s disclosure comes two weeks after the ANU disclosed it had been the target of a data breach affecting large numbers of current and former staff, students and visitors. The Australian intelligence community reportedly considers the Chinese government to be the main suspect in that “sophisticated” attack.

In addition, the Auditor General of New South Wales last week published a report into risks faced by the state’s universities, which found that seven of the state’s 10 major universities experienced at least one cyber incident in 2018. But the audit uncovered significant deficiencies in the universities’ IT internal controls.

“Once again, the education sector finds itself in the crosshairs of determined cybercriminals. Universities are an alluring target for cybercriminals given the sheer amount of data records they store and manage,” commented Adam Biviano, Senior Manager for Solution Architecture at identity and access management solutions provider ForgeRock.

“With today’s threat landscape in constant evolution, organisations need to consider context aware intelligent authentication options which are stronger than passwords without the additional friction of conventional multifactor systems.”

Image credit: ©iconimage/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

Pitney Bowes hit by ransomware attack

Logistics and e-commerce technology company Pitney Bowes is working to restore services after a...

Thoma Bravo bids $5.6bn for Sophos

The board of UK-based security company Sophos will unanimously recommend a US$3.82bn takeover...

Proofpoint uncovers malware delivery service for hire

Security company Proofpoint has provided details of a staged malware downloader they are calling...


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd