The University of Sydney lost a portable notebook computer on the last day of February containing sensitive information about disabled students at the academic institution.
The university requires students to disclose if they have a medical condition or impairment in order to receive support and academic adjustments.
A database containing this information - as well as student names, dates of birth and contact details - was located on the lost laptop.
A message to students by the University of Sydney's director of student services, Jordi Austin, said the database was put on the laptop "to facilitate improvements to the service we provide to you [students], which required changes to our disability assist database." The news was first reported by Fairfax.
No information was provided on who the notebook computer belonged to, where it was lost, or why it was in transit, nor would the university disclose how many students were affected by the breach.
The university declined to comment on whether or not the database, or the storage on the laptop, was encrypted.
In the message to students, the university would only say that the portable computer was password protected, and warned that "this does not absolutely guarantee the security of the information [stored on the device]".
"It is possible that the database could be inappropriately and unlawfully accessed," Austin wrote.
New South Wales Police has been notified, but a university spokesperson did not detail the whereabouts of the notebook.
Austin said the university would conduct a full investigation into the privacy lapse, which will result in unspecified changes to procedures to prevent future incidents of similar nature.
Students can make privacy complaints to university's privacy officer about the incident.
The breach comes as the NSW government considers introducing privacy laws for individuals, which would allow those affected by data breaches to sue the organisations and individuals responsible.