This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

University of Sydney

Summary

The University of Sydney disclosed a third-party data breach in August 2023 that affected a small proportion of international students and applicants. The breach involved a third-party service provider whose identity was not publicly disclosed. The university confirmed there was currently no evidence that personal information had been misused and that the issue was isolated to a single platform, with no impact on domestic students, employees, alumni, or donors.

What Happened

In August 2023, a third-party provider used by the University of Sydney experienced a data breach that compromised personal information of some international students and recent applicants. The university did not publicly disclose when the breach occurred or identify which third-party service was compromised.

The breach was isolated to a single platform used specifically for international student applications and admissions processes. The university's provisional findings indicated that the incident did not affect domestic students, university employees, alumni, or donors.

Impact on Individuals

The breach affected a "small proportion" of international students and applicants to the university. While specific numbers were not disclosed, the compromised personal data likely included information typically collected during the admissions process for international students.

The university stated there was currently no evidence that any personal information had been misused, suggesting the breach was detected before significant harm could occur to affected individuals.

Organisational Response

The University of Sydney took immediate containment measures upon learning of the breach and notified relevant cyber security authorities as well as the NSW Privacy Commissioner.

The university committed to continuing its investigation to determine the full extent of the breach and promised to contact all affected students and applicants with necessary information and guidance. The prompt notification to regulatory authorities demonstrated the university's commitment to transparency in breach response.

The incident highlighted the cybersecurity risks associated with third-party service providers in the education sector, particularly platforms handling sensitive student application data.

Verification Source: View original statement