ACU discloses data breach
The Australian Catholic University has become the latest Australian university to report a data breach on its systems.
The cyber attack compromised “a number of staff email accounts and some university systems”, the university’s Acting Vice Chancellor Dr Stephen Weller said in an advisory.
According to Weller, the breach initiated from a phishing attack targeting ACU staff login credentials, which was successful in “a very small number of cases”. The attackers used the login credentials to access their victims’ email accounts, calendars and bank account details.
The ACU has now contacted each person identified as being directly affected and reset their online accounts, and has sent notifications to its bank, the Tertiary Education Quality and Standards Agency (TEQSA), the Office of the Australian Information Commissioner (OAIC) and the Australian Cybercrime Online Reporting Network (ACORN).
The ACU’s disclosure comes two weeks after the ANU disclosed it had been the target of a data breach affecting large numbers of current and former staff, students and visitors. The Australian intelligence community reportedly considers the Chinese government to be the main suspect in that “sophisticated” attack.
In addition, the Auditor General of New South Wales last week published a report into risks faced by the state’s universities, which found that seven of the state’s 10 major universities experienced at least one cyber incident in 2018. But the audit uncovered significant deficiencies in the universities’ IT internal controls.
“Once again, the education sector finds itself in the crosshairs of determined cybercriminals. Universities are an alluring target for cybercriminals given the sheer amount of data records they store and manage,” commented Adam Biviano, Senior Manager for Solution Architecture at identity and access management solutions provider ForgeRock.
“With today’s threat landscape in constant evolution, organisations need to consider context aware intelligent authentication options which are stronger than passwords without the additional friction of conventional multifactor systems.”
The average time to detect and contain a data breach in Australia was 311 days, according to IBM...
The Office of Australian Information Commissioner (OAIC) has determined that Uber interfered with...
More than half of IT professionals say under-resourcing is leading to longer phishing incident...