Phishers hit ACU, compromised systems
- 17 June, 2019 17:33
The Australian Catholic University says that a number of staff email accounts and some of its systems have been compromised after a successful phishing campaign.
“The data breach originated from a phishing attack: an email pretending to be from ACU tricking users into clicking on a link or opening an attachment and then entering credentials into a fake ACU login page,” a message issued by acting vice-chancellor Dr Stephen Weller said.
The data breach was discovered on 22 May; around the time that the recent Australian National University breach was unearthed.
“In a very small number of cases, staff login credentials were obtained successfully via the phishing email and were used to access the email accounts, calendars and bank account details of affected staff members,” the message from Weller said.
The vice-chancellor said that ACU had notified affected individuals and reset the passwords of breached accounts. The university has also alerted its bank to the potential for fraud-related activity and notified the Tertiary Education Quality and Standards Agency (TEQSA), Office of the Australian Information Commissioner (OAIC), and the Australian Cybercrime Online Reporting Network (ACORN).
“The University deeply regrets that this data breach has occurred,” Weller’s message said.
Today’s announcement comes a fortnight after the Australian National University revealed details of a mammoth data breach.
Sensitive ANU data dating back 19 years was accessed by hackers, the university revealed in early June.
The information, relating to ANU staff, students and visitors, included names, addresses, phone numbers, dates of birth, emergency contact details, Tax File Numbers, payroll information, bank account details, student academic records, and student academic transcripts.
Although the breach took place in 2018, the university only discovered it in May this year.
The university has attributed the attack to a “sophisticated operator”.
In 2018 the ABC reported that Chinese-based hackers were thought to have managed to hack into university systems.