Sydney University Suffers Supply Chain Breach

Written by

The University of Sydney has revealed a supply chain-related data breach in which the personal information of international students and applicants was accessed.

Founded in 1850, the Australian public research university was recently ranked as one of the top 20 in the world. It hosts around 70,000 students and 9000 academic and administrative staff members.

A data breach announcement posted to the university website late last week sought to downplay the seriousness of the incident. It claimed that only a “limited” number of international staff and students were impacted and that immediate steps were taken to secure systems and contain the incident.

“At this stage our provisional findings indicate that no domestic students, staff, alumni or donors’ data has been affected,” it added.

“The issue was isolated to a single platform and had no impact on other university systems. There is currently no evidence that any personal information has been misused. We are working to contact impacted students and applicants and will continue to monitor our systems.”

Read more on university breaches: Millions of UK University Credentials Found on Dark Web

The university said it has already contacted the “relevant cybersecurity authorities,” as well as notifying the New South Wales privacy commissioner.

There’s still no definitive evidence about what type of data has been compromised and how many students and applicants are affected.

In the meantime, the university has posted a lengthy list of cybersecurity best practices for students to follow. These cover phishing awareness, secure browsing, personal data protection and more.

This isn’t the first time that Sydney University has been caught out by a third-party incident. In 2020, a breach at proctoring platform provider ProctorU enabled hackers to steal and publish 440,000 user records, including email addresses belonging to the university and several of its Australian peers.

Higher education institutions remain a popular target for attackers, as they’re assumed to be under-protected but with a low tolerance for outages.

The University of Manchester posted a data breach notice in June, related to an incident in which staff and students’ personal information and over one million NHS records were compromised.

Editorial image credit: ArliftAtoz2205 /

What’s hot on Infosecurity Magazine?