19 years of sensitive data from top Australian university hacked by 'sophisticated operator'

The Australian National University did not say who was believed to be behind the cyber intrusion, which is thought to have started in late 2018.
The Australian National University did not say who was believed to be behind the cyber intrusion, which is thought to have started in late 2018.PHOTO: REUTERS

SYDNEY (AFP, REUTERS) - A top Australian university with close ties to the country's government and security services on Tuesday (June 4) said it had been the victim of a vast hack by a "sophisticated operator" who gained access to 19 years of sensitive data.

In a message to staff and students, the Australian National University did not say who was believed to be behind the cyber intrusion, which is thought to have started in late 2018.

But vice-chancellor Brian Schmidt said the data accessed included "names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details."

The hack also breached student academic records.

"In late 2018, a sophisticated operator accessed our systems illegally. We detected the breach two weeks ago," Mr Schmidt said.

"We're working closely with Australian government security agencies and industry security partners to investigate further."

"The University has taken immediate precautions to further strengthen our IT security and is working continuously to build on these precautions to reduce the risk of future intrusion."

Australia’s cyber intelligence agency said it was investigating who was behind the attack.

"It does appear to be the work of a sophisticated actor," a representative of the Australian Signals Directorate said in an e-mailed statement. "It is too early to speculate about connections to other compromises."

According to World University Rankings, ANU is Australia’s best university and many of its graduates go on to to hold senior government positions, magnifying security sensitivities over the data breach.

The Canberra-based institution is backed by the federal government and is one of Australia's foremost research and teaching universities.

It started as a research institution after World War II, but today also teaches tens of thousands of students each year, including former prime ministers, Cabinet officials and civil servants.

"National community agencies are recruiting directly out of ANU," said Mr Fergus Hanson, head of the International Cyber Policy Centre at think-tank the Australian Strategic Policy Institute. 

"To have information around particular people who are working in different departments... that would be very useful."

This is just the latest in a series of hacks targeting the Australian establishment.

Earlier this year, the Australian Parliament reported that its computer network and some political parties had been compromised.

The breach was blamed on a "sophisticated state actor" with experts pointing fingers toward Beijing.

China has consistently denied being involved in any hacking attacks and its embassy in Australia, as well as the Foreign Ministry in Beijing, did not respond to a request from Reuters for comment.

Despite Chinese denials, Australia has cited similar incidents as evidence that China is meddling in its domestic affairs.

The allegations strained ties between China and Australia, a strong US ally.