The University of Tasmania has had to contact almost 20,000 students after their personal information was accidentally made accessible to all users with a UTAS email address.
In a statement, the university said the data contained « personally identifiable information of 19,900 students ».
UTAS said there was « no evidence this data breach was the result of malicious activity » and that « security settings on shared files were unintentionally configured incorrectly, which made the information visible and accessible to unauthorised users ».
The university said on 11 August it « became aware that electronic files stored on one of the SharePoint sites on the Office365 platform were inadvertently able to be accessed by individuals with a University of Tasmania email address ».
« The security settings for this SharePoint site were unintentionally configured incorrectly. This meant that individuals with a utas.edu.au email address not authorised to access documents saved in the site, were inadvertently granted access.
« This was the result of incorrect configuration. There is no evidence this data breach was a result of malicious activity. The system has now been correctly configured. »
In the email, students are advised any files they may have downloaded containing student information « must be permanently deleted ».
« If you have made copies or screenshots of any of the documents or any of the content that was contained in the documents, these must also be permanently deleted, » the email states.
« If you have shared or sent the documents or any of the content from the documents, you must take steps to have it returned and/or permanently deleted. »
Vice-chancellor Professor Rufus Black said UTAS had « responded quickly to secure the information and engaged independent experts to assist ».
« We have undertaken a thorough review of how this information became accessible and took immediate steps to ensure it is secure, » Professor Black said.
« This morning, we contacted every student affected by this incident to explain what had happened, to apologise and to offer support. »
The university said: « Experts in national identity and cyber support services IDCARE have also been engaged to provide independent advice and support to students, including dedicated case managers who work with individuals to develop tailored response plans. »
This service may include material from Agence France-Presse (AFP), APTN, Reuters, AAP, CNN and the BBC World Service which is copyright and cannot be reproduced.
AEST = Australian Eastern Standard Time which is 10 hours ahead of GMT (Greenwich Mean Time)
Donnez votre point de vue et aboonez-vous!
Votre point de vue compte, donnez votre avis
[maxbutton id= »1″]