Laptops holding 30 years’ worth of student data stolen from UWA

Laptops holding 30 years’ worth of applicant data were stolen from the University of Western Australia late last month, the university’s vice-chancellor revealed at the weekend.

The laptops – which were taken in a break-in at a UWA administration building – contain the Tax File Numbers and student identification numbers of people who applied to study at the university between 1988 and January 2018.

“Separately, and in varying degrees of completeness, there are also details across the laptops from applicants who may have provided the University with information such as names, dates of birth and passport numbers to obtain a confirmation of enrolment,” Vice-Chancellor Professor Dawn Freshwater, said in a message on Saturday.

The university was treating the theft “as a data loss incident,” Freshwater added.

The incident was immediately reported to the Western Australian Police for investigation, the university said, and the Office of the Australian Information Commissioner and Australian Tax Office have been notified.

No credit card details, bank information or medical records were included in the stolen datasets.

“Following the theft, and as a precaution, the University has reset user login passwords and made it impossible for the stolen laptops to connect to the UWA network. Police investigations into the break-in are ongoing, and the University is continuing efforts to track the stolen equipment,” Freshwater said.

Building and data security has been strengthened “where possible”.

Recipients of the alert were advised to be extra vigilant when receiving unsolicited emails, phone calls and text messages and to monitor financial transactions for any suspicious behaviour.

Students and alumni were told that there was “no indication that any data has been, or will be, accessed or used”.

The incident comes just months after the Australian National University (ANU) detected a breach in which 19 years’ worth of personal staff, student and visitor data had been accessed.

The attack by what the university’s Vice-Chancellor Brian Schmidt called a ‘sophisticated operator’ occurred in late 2018 and was detected in May this year.

It is believed unauthorised access was gained to a huge amount of data including names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, passport details as well as student academic records.