In another incident, a total of 10,000 students, employees, and several former staff have been affected by a cyber attack on one of the largest tertiary institutions in Queensland.
In January, the company showcased thousands of people that are associated with the university that may have become the victim of the attack in December.
The attack was revealed after the campus printers started printing out ransomware notes which forced the university to close down many of its IT systems and applications as a measure.
It was publicly at first revealed that all 2,500 employees, former and present, had personal data stolen which is the second-largest university in Queensland.
According to QUT, 11,405 people were affected by the cyber attack that includes 2,492 current staff of the university and 8,846 former staff.
Along with staff, 17 current students and around 50 students were also affected by the attack. The spokesperson informed us that around 3,820 numbers of people’s tax files have been corrupted.
“After detailed forensic analysis we did establish late last month that the cybercriminals managed to access a number of files on an internal storage drive, some of which included personal information of current and former employees and students,” the statement said.
The data stolen could be used by the attackers to use their identity proof on several other websites, however, there is no proof of any criminal activity so far.
“Firstly, QUT is disappointed and sorry that this cybercrime has potentially impacted on our staff and former staff. It is important to note the security of our HR, student, or financial systems was not compromised or accessed by the cyber criminals,” the statement said.
“We also have no evidence to date of any further illegal activity in relation to the data that may have been accessed by the cyber criminals.”
In December, the hackers left a note that said, “Your critical data was not only encrypted but also copied”, with a warning that the data will be published online unless a “modest royalty” was paid.
To stop further breaches, the university asked all the staff and students to change their passwords. Extra steps have been taken for those who are either working or studying from home.
“We have also implemented additional expert monitoring and validation mechanisms,” the statement said.
“At every stage of our response we have been in regular communication with staff students and all relevant Queensland and Federal authorities.”
The Vice Chancellor of the university, Margaret Sheil stated the university had already found its vulnerability in its system.
“We understand how this happened, what the particular vulnerability was, we have addressed that,” she said.
The vice chancellor gave a positive response by saying that this “scenario of events” won’t happen again.
“Can I be confident that we won’t be subject to further attacks? I can’t, I can never be that confident,” she said.
“They are very active, these kinds of criminals, and we are not the only ones being targeted.”
The university further added that those who are affected by the attack are being notified by email and have been given extra protection for their IDs.
“The information was in storage files only accessible to a limited number of authorised personnel,” QUT’s statement said.
“Going forward we will accelerate our use of more secure, cloud-based, and other forms of storage.
“We have commenced [a] further review and monitoring of all systems and storage to ensure that they are managed in accordance with the relevant legislative requirements for retention and record keeping and will review and update if necessary QUT retention and records policy and practices.”