The University of Sydney recently experienced a data breach in its supply chain [3] [4], resulting in unauthorized access to the personal information of international students and applicants [4]. This breach was caused by a third-party provider and was limited to a single platform, with no impact on other university systems [4]. Immediate action was taken by the university to secure its systems and contain the incident.
Description
The university promptly notified relevant cybersecurity authorities and the New South Wales privacy commissioner to address the situation [3] [4]. Currently [2] [4], there is no evidence of any misuse of the accessed personal information [4]. The extent of the compromised data and the number of affected individuals are still being determined [4]. It is important to note that only a limited number of recently applied and enrolled international applicants’ personal data has been accessed thus far [2]. Preliminary findings indicate that no data belonging to domestic students, staff [1] [2], alumni [1] [2], or donors has been affected [1] [2]. In response to the breach, the university has provided cybersecurity best practices for students to follow [4]. This incident follows a previous breach in 2020 involving a proctoring platform provider [3]. Unfortunately, higher education institutions are often targeted by attackers due to perceived vulnerabilities and low tolerance for outages [4].
Conclusion
The data breach at the University of Sydney has raised concerns regarding the security of personal information for international students and applicants. While immediate action was taken to secure systems and contain the incident [4], the full extent of the compromised data and the number of affected individuals are still being determined. It is reassuring that no data belonging to domestic students, staff [1] [2], alumni [1] [2], or donors has been affected [1] [2]. However, this incident highlights the ongoing need for heightened cybersecurity measures in higher education institutions. By providing cybersecurity best practices [4], the university is taking proactive steps to mitigate future breaches. It is crucial for institutions to remain vigilant and address perceived vulnerabilities to protect sensitive information and maintain trust with their stakeholders.
References
[1] https://www.cybersecurityconnect.com.au/commercial/9502-university-of-sydney-student-data-involved-in-third-party-data-breach
[2] https://gizmodo.com.au/2023/09/university-of-sydney-data-breach/
[3] https://www.b2be.com/en_us/blog/supply-chain-bulletin-4-september-2023/
[4] https://www.infosecurity-magazine.com/news/sydney-university-suffers-supply/
