Melbourne Polytechnic

Melbourne Polytechnic (formerly known as NMIT) suffered a significant data breach exposing sensitive personal information of approximately 55,000 students and staff, including financial and health data.

What Happened

Unauthorised actors gained access to Melbourne Polytechnic's systems and extracted a substantial database containing personal records of 55,000 current and former students and staff members. The breach exposed a wide range of sensitive information including names, contact details, dates of birth, and critically, some financial and health information.

The compromised data included payroll information, bank account details, and in some cases, health records and disability information collected as part of student support services. The extent and sensitivity of the exposed data made this one of the more serious education sector breaches in Australia.

Impact on Individuals

Affected individuals faced significant risks of identity theft and fraud due to the exposure of financial information combined with personal identifiers. The inclusion of health and disability information was particularly concerning, as this data could be used for discrimination or harassment. Students and staff were advised to monitor their financial accounts and credit reports for suspicious activity.

Organisational Response

Melbourne Polytechnic notified affected individuals and reported the breach to the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme. The institution engaged cybersecurity experts to investigate the breach, strengthen security controls, and prevent future incidents. Support services were offered to affected students and staff.