Hackers steal 19 years worth of data News from ESET We Live Security
A premier Australian university has disclosed a cyberattack that compromised the personal information of its students and staff extending back nearly two decades.
“We believe there was unauthorized access to significant amounts of personal staff, student and visitor data extending back 19 years,” reads a statement from Brian Schmidt, Vice-Chancellor of the Australian National University (ANU).
The stolen data belongs to an estimated 200,000 people and includes “names, addresses, dates of birth, phone numbers, personal email addresses, and emergency contact details, tax file numbers, payroll information, bank account details, and passport details”.
Other sensitive information, such as credit card details, medical records, research data, and intellectual property, was not compromised. AMU is working with Australian government security agencies and security experts to investigate further.
Schmidt said that the incident occurred in late 2018, but wasn’t discovered until two weeks ago – on May 17 to be exact according to FAQs regarding the breach.
The university also published guidance for people affected by the breach. The advice can be distilled into three points – change your ANU password, don’t reuse it anywhere else, and be on your guard against suspicious emails that may follow after the intrusion.
Meanwhile, there’s no word on who may have been behind the breach. “Attribution is difficult, and we are not able to attribute this attack,” said the university. It did say, however, that the breach was the work of a “sophisticated operator”.
This was the second time within less than a year that the university was targeted by hackers. Last July, ANU disclosed a months-long battle to expel intruders who were said to have “utterly compromised” the university’s computer system.
The university said that it only spotted the more recent intrusion thanks to security enhancements implemented in the wake of that earlier incident. “Following the incident reported last year, we undertook a range of upgrades to our systems to better protect our data. Had it not been for those upgrades, we would not have detected this incident,” said Schmidt.
Universities, in general, make for an appealing target for attackers with various motivations. Besides the personal information of employees and students, universities hold massive amounts of highly-valuable and commercially-sensitive research data
Advice from the Chief Information Security Officer
Dear ANU Community,
Earlier today you will have received an important message from our Vice Chancellor notifying you we have been victims of a data breach. One of the implications of this message is how we can protect ourselves from further malicious activity. Although we have an ever-increasing range of safeguards to protect us from cyber-threats, we all play a role in keeping our systems safe.
Below are a range of steps you can take to help stay safe.
Passwords are the most commonly used form of online credentials so they remain a key target. These simple precautions can help you secure your passwords and identity:
If you have not reset your ANU password since November 2018, it is highly advised that you do so immediately. Accounts whose passwords have not been reset since November 2018 will automatically require a password change on 12 June 2019.
If you tend to reuse your ANU password, or very similar passwords, on other services (within or external to ANU) it is highly recommended that you reset these as soon as possible and use more distinct passwords for each service.
Where available two factor authentication (phone app, token) should be used for any online services you are registered with.
Use strong but memorable passwords. There are many secure password generators online and also consider the use of a password manager.
Phishing and scam emails are still the most common way to steal personal information or gain unauthorised access.
Make sure emails are from a trusted source. Some email clients don’t automatically show the full email address so take the time to expand and validate email addresses.
Do not click on links or open attachments from unknown senders or emails which purport to be from someone you know but seem out of character.
If the email appears to be from a known sender but seems unusual or asks you to do something you would not normally do, find a way to validate this information with the sender.
Never give any sensitive or personal details over email no matter how legitimate or authoritative the source may seem.
Don’t click on email attachments with unusual file extensions or names unless you are expecting the email.
If you can’t tell whether an email is legitimate, or you think your account has been compromised, please contact [email protected]
Maintain a watchful eye on your devices and keep them close to you. If you can avoid it, don’t leave your device in a hotel room or room safe.
When using public Wi-Fi (at home or abroad) always make sure you use a Virtual Private Network (VPN) service. Hotel and airport lounge Wi-Fi are not secure.
Consider using disk encryption. This one of the most useful data loss prevention measures.
Do not accept USB devices from promotions or untrusted sources. Recommend to your friends and colleagues to use secure cloud based file transfers where possible.
General device maintenance and configuration
Just like our vehicles require regular maintenance to stay road-worthy so to do our digital devices, so that they remain able to resist increasingly sophisticated attacks.
Use a current and supported operating system. Older systems are more vulnerable particularly if security patches are no longer being released for them.
Ensure all operating systems and applications on your device are fully updated to the most recent patch level and are still being supported by the vendor.
It is highly recommended that you use a security product on your device and that you keep it up to date.
Some operating systems give you a local administrator account by default, consider making a second account on your device with less privileges for everyday use.
Microsoft Office macros can be very useful but are also a very common method of enabling malware. Strongly consider turning off macros unless you have a specific need.
Don’t download and run software from untrusted or unknown sources; and always make sure you scan any downloads with a reputable security product.
Always make sure your important information is backed up regularly and consider having a mix of backup solutions e.g. cloud and removable disk.
Helping your friends and colleagues
Criminals may use your identity to trick your friends and colleagues. If you think your contact list has been compromised, let your friends and colleagues know so they can take steps to protect themselves.
ANU ITS maintain a website with up-to-date security information. You can access that website through our homepage, and I recommend bookmarking it and checking back regularly.
For any matters relating to the data breach please contact 1800 275 268 and for any general IT security matters please call the IT Help Desk on 6125 4321.
Chief Information Security Officer