The university only just revealed the breach on Tuesday morning with the Vice chancellor Dr Brian Schmidt saying the breach occurred in late 2018 "when a sophisticated operator accessed our systems illegally”.
“We detected the breach two weeks ago.”
“For the past two weeks, our staff have been working tirelessly to further strengthen our systems against secondary or opportunistic attacks. I'm now able to provide you with the details of what occurred,” Dr Schmidt said in a statement on the university’s website.
“Depending on the information you have provided to the University, this may include names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed.”
Dr Schmidt said the systems that store credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers, and some performance records had not been affected.
“We have no evidence that research work has been affected.
“That is what we know. We're working closely with Australian Government security agencies and industry security partners to investigate further.”
Dr Schmidt said the University had taken immediate precautions to further strengthen its IT security and “is working continuously to build on these precautions to reduce the risk of future intrusion”.
“The chief information security officer will be issuing advice shortly on measures we can all take to better protect our systems and I strongly encourage you all to implement those measures. That advice, frequently asked questions, contact details for support, and more information about the breach is available now via our homepage.
“As you know, this is not the first time we have been targeted. Following the incident reported last year, we undertook a range of upgrades to our systems to better protect our data. Had it not been for those upgrades, we would not have detected this incident.
“We must always remain vigilant, alert and continue to improve and invest in our IT security.
“The required investment has been a priority of the University and I will keep you informed of the progress we're making. You will also receive regular updates on information security from the Chief Information Security Officer over coming months.
“I know this will cause distress to many in our community and we have put in place services to provide advice and support.”
Dr Schmidt said the university has set up a direct help line 1800 275 268 for anyone seeking more information “or with particular personal concerns”.
“This line is staffed by experts and will be confidential. Alternatively, you can email email@example.com.
“We have also increased counselling resources available for our community. I assure you we are taking this incident extremely seriously and we are doing all we can to improve the digital safety of our community.”
The ANU has also published on its website a list of data FAQs regarding the breach.