Dear all,
It is with profound regret I inform you we have been victims of a data breach that has affected personal data belonging to our community.
In late 2018, a sophisticated operator accessed our systems illegally. We detected the breach two weeks ago.
For the past two weeks, our staff have been working tirelessly to further strengthen our systems against secondary or opportunistic attacks. I'm now able to provide you with the details of what occurred.
We believe there was unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years.
Depending on the information you have provided to the University, this may include names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed.
The systems that store credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers, and some performance records have not been affected.
We have no evidence that research work has been affected.
That is what we know. We're working closely with Australian government security agencies and industry security partners to investigate further.
The University has taken immediate precautions to further strengthen our IT security and is working continuously to build on these precautions to reduce the risk of future intrusion.
The Chief Information Security Officer will be issuing advice shortly on measures we can all take to better protect our systems and I strongly encourage you all to implement those measures. That advice, frequently asked questions, contact details for support, and more information about the breach is available now via our homepage.
As you know, this is not the first time we have been targeted. Following the incident reported last year, we undertook a range of upgrades to our systems to better protect our data. Had it not been for those upgrades, we would not have detected this incident.
We must always remain vigilant, alert and continue to improve and invest in our IT security.
The required investment has been a priority of the University and I will keep you informed of the progress we're making. You will also receive regular updates on information security from the Chief Information Security Officer over coming months.
I know this will cause distress to many in our community and we have put in place services to provide advice and support.
We have set up a direct help line 1800 275 268 for anyone seeking more information or with particular personal concerns. This line is staffed by experts and will be confidential. Alternatively, you can email helpline@anu.edu.au
We have also increased counselling resources available for our community.
I assure you we are taking this incident extremely seriously and we are doing all we can to improve the digital safety of our community.
We are all affected by this and it is important we look after one another as our community comes to terms with the impact of this breach.
Sincerely Yours
Brian