BreachExchange mailing list archives
Extraordinary blunder results in the private details of almost 20, 000 Australian university students leaked online in massive data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 21 Sep 2020 09:28:28 -0500
https://www.dailymail.co.uk/news/article-8754721/Private-details-20-000-Australian-university-students-leaked-online-massive-data-breach.html Personal information belonging to almost 20,000 University of Tasmania students was mistakenly made public for more than five months due to security settings being configured incorrectly. Affected students were on Monday informed of the breach, which made their data available to anyone with a UTAS email address from late February to August 11. UTAS says analysis of the files has revealed a 'number of users' with university emails have accessed the information. About 20,000 pupils of the University of Tasmania (pictured) were on Monday informed their personal details were mistakenly made public for more than five months The data, which contains personally identifiable information, is used to inform how the university supports students in their studies, UTAS says. Bank account details were not part of the data breach. 'Security settings on shared files were unintentionally configured incorrectly, which made the information visible and accessible to unauthorised users,' the university said in a statement. The university says it became aware of the breach on August 11 and has engaged independent experts to assist. The breach was due to security settings being configured incorrectly - allowing people with a UTAS email to access the information from February to August 11. Picture: A woman studying The information made publicly available contained personally identifiable data, used to inform how the university supports the students in their studies. Bank account details were, however, not part of the data breach. Pictured: University students studying 'I sincerely apologise to all students who have been affected by this incident,' University of Tasmania Vice-Chancellor Rufus Black said. 'We have undertaken a thorough review of how this information became accessible and took immediate steps to ensure it is secure.' UTAS is in the process of contacting people who accessed the data and has 'sought assurance' that the files, or screenshots or shared copies of the files, have been permanently deleted. Vice-Chancellor Professor Rufus Black added every student affected was on Monday contacted 'to explain what happened, to apologise, and to offer support.' He said the university (pictured) engaged independent experts to assist in securing the information Information belonging to the 19,900 students was made public through Microsoft Office365 platform SharePoint, which is used to store, share and access files. Access privileges were incorrectly configured on an Office365 application, which displays content to users based on those privileges. 'There is no evidence this data breach was a result of malicious activity,' UTAS said. 'The system has now been correctly configured.' UTAS has set up a hotline for students with questions or concerns. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Extraordinary blunder results in the private details of almost 20, 000 Australian university students leaked online in massive data breach Destry Winant (Sep 21)