Extraordinary blunder results in the private details of almost 20,000 Australian university students leaked online in massive data breach
- Data of 19,900 University of Tasmania students made public in security breach
- UTAS on Monday informed students details were made public for five months
- Breach was ‘result of incorrect configuration’ and did not include bank details
Personal information belonging to almost 20,000 University of Tasmania students was mistakenly made public for more than five months due to security settings being configured incorrectly.
Affected students were on Monday informed of the breach, which made their data available to anyone with a UTAS email address from late February to August 11.
UTAS says analysis of the files has revealed a ‘number of users’ with university emails have accessed the information.
About 20,000 pupils of the University of Tasmania (pictured) were on Monday informed their personal details were mistakenly made public for more than five months
The data, which contains personally identifiable information, is used to inform how the university supports students in their studies, UTAS says.
Bank account details were not part of the data breach.
‘Security settings on shared files were unintentionally configured incorrectly, which made the information visible and accessible to unauthorised users,’ the university said in a statement.
The university says it became aware of the breach on August 11 and has engaged independent experts to assist.
The breach was due to security settings being configured incorrectly – allowing people with a UTAS email to access the information from February to August 11. Picture: A woman studying
The information made publicly available contained personally identifiable data, used to inform how the university supports the students in their studies. Bank account details were, however, not part of the data breach. Pictured: University students studying
‘I sincerely apologise to all students who have been affected by this incident,’ University of Tasmania Vice-Chancellor Rufus Black said.
‘We have undertaken a thorough review of how this information became accessible and took immediate steps to ensure it is secure.’
UTAS is in the process of contacting people who accessed the data and has ‘sought assurance’ that the files, or screenshots or shared copies of the files, have been permanently deleted.
Vice-Chancellor Professor Rufus Black added every student affected was on Monday contacted ‘to explain what happened, to apologise, and to offer support.’ He said the university (pictured) engaged independent experts to assist in securing the information
Information belonging to the 19,900 students was made public through Microsoft Office365 platform SharePoint, which is used to store, share and access files.
Access privileges were incorrectly configured on an Office365 application, which displays content to users based on those privileges.
‘There is no evidence this data breach was a result of malicious activity,’ UTAS said.
‘The system has now been correctly configured.’
UTAS has set up a hotline for students with questions or concerns.
The university has since established a dedicated support line – 1800 019 897 – to assist students with any questions or concerns about the incident or their information. Pictured: A university student studying