News follows decade-long security incident at The Australian National University

Personal data belonging to staff at the Australian Catholic University (ACU) has been stolen in a cyber-attack affecting an unknown number of individuals, the institution admitted on Monday.

Email accounts, calendars, and bank account details were among the information taken after some of the university’s systems were compromised by a yet-to-be-determined actor.

Students may have also been impacted by the breach, which occurred when staff login credentials were obtained via a phishing email.

“The data breach originated from a phishing attack: an email pretending to be from ACU tricking users into clicking on a link or opening an attachment and then entering credentials into a fake ACU login page,” Dr Stephen Weller, acting vice-chancellor at ACU, wrote in a statement published yesterday.

ACU has informed all individuals it believes to have been affected by the incident, and recommended that all staff and students change their passwords.

It also recommended that they avoid reusing the same credentials for multiple accounts.

“It is important to remember that ACU credentials give access to a number of university systems, so it is vital to keep login credentials secure,” Weller said.

“ACU’s top priority is to protect the data and information of our staff and students. We take very seriously our responsibilities to manage the security of data and the security of our IT systems.”

The incident was first discovered on May 22 and reported to authorities and the Office of the Australian Information Commissioner (OAIC), the agency in charge of enforcing the country’s recently enacted Notifiable Data Breaches (NDB) scheme.

It appears that ACU has adhered to the breach disclosure law, although the new rules predominantly apply to businesses, government agencies, and non-profit organizations that have an annual turnover of A$3 million ($2 million approximately) or more.

The news comes as another security incident at a university in Australia was reported earlier this month – one that saw personally identifiable information taken from staff and students of the Australian National University (ANU) over a period of 19 years.

Security improvements to the ANU infrastructure are what prompted the discovery of the breach on May 17.

“Had it not been for those upgrades, we would not have detected this incident,” ANU vice chancellor Brian Schmidt said at the time.

“We must always remain vigilant, alert and continue to improve and invest in our IT security.”

The Daily Swig reached out to ACU for comment; the university referred back to its original statement.