This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Swinburne University

Summary

Swinburne University discovered that seven years of event registration data had been inadvertently exposed online, affecting approximately 5,000 staff, students, and external participants. The breach involved personal information collected through the university's event management systems.

What Happened

In April 2021, Swinburne University identified that event registration data spanning from 2013 to 2020 had been accessible online. The data included information from people who had registered for university events, seminars, workshops, and other activities over this seven-year period.

The exposure was caused by a misconfiguration that left the event registration database accessible without proper authentication controls. It's unclear how long the data had been exposed before discovery.

Impact on Individuals

The breach affected approximately 5,000 individuals including:

  • Current and former students
  • Staff members
  • External participants in university events

Exposed information included names, email addresses, phone numbers, and in some cases dates of birth. While not involving highly sensitive data, the exposure created risks of targeted phishing and spam.

Organisational Response

Swinburne University immediately secured the exposed data upon discovery and began notifying affected individuals. The university conducted an investigation to determine how the misconfiguration occurred and implemented measures to prevent similar exposures.

Verification Source: View original statement