This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

University of Wollongong

Summary

The University of Wollongong (UOW) confirmed a cyber incident on 7 December 2023 that likely resulted in unauthorised access to personal data of staff and students. The attack was quickly contained, with the university confirming that data including names, addresses, email addresses, and phone numbers was likely accessed. The university implemented new cloud security controls following the incident and warned users of potential phishing attacks.

What Happened

On 7 December 2023, the University of Wollongong detected a cyber incident affecting its systems. The university's cybersecurity team moved quickly to contain the breach and prevent further unauthorised access.

The attack targeted systems containing personal information of both staff and students. While the university acted swiftly to contain the incident, it acknowledged that data was likely accessed by unauthorised third parties during the breach window.

Impact on Individuals

Both staff and students were potentially affected by the breach. Data likely accessed by unauthorised parties included names, addresses, email addresses, phone numbers, and other personal information held by the university.

The university identified email addresses as presenting the greatest immediate risk to affected individuals, warning users to be vigilant against potential phishing attacks targeting their university email accounts. Attackers could use the stolen contact information to craft convincing phishing emails impersonating the university or related services.

Organisational Response

The university notified relevant regulatory bodies and authorities about the breach and engaged external cybersecurity experts to support their incident response and investigation efforts.

Following the incident, UOW implemented new security controls over key cloud-based systems incorporating the latest best-practice techniques. These enhanced controls aimed to strengthen the university's cybersecurity posture and prevent similar incidents in the future.

The university communicated directly with potentially affected staff and students, advising them to be alert to phishing attempts and to verify the authenticity of any communications claiming to be from the university.

Verification Source: View original statement