University of Sydney "online IT code library" breached

Personal data of 27,500 staff and affiliates stored in test files.

The University of Sydney has revealed the breach of an “online IT code library” where data files containing details of 27,500 current and former staff, affiliates and alumni were stored “for testing purposes”.

In an incident notification, the university said the “historical data files” in the code library were “accessed and downloaded” by an unknown actor.

“The code library is used for code storage and development. A number of data files containing personal information were also located in the code library,” the university said.

“We believe these are historical extracts primarily used for testing purposes at the time the code was developed.”

The university said the files contained personal information of “around 10,000 current staff and affiliates” and “around 12,500 former staff and affiliates”, accurate as of September 2018.

Also impacted was personal information “of around 5000 alumni and students, as well as six supporters”, with a date range of 2010 to 2019.

“This information includes the name, date of birth, phone number and home address of those staff as well as some basic job information (e.g. job title and employment dates),” the university said.

Vice president operations Nicole Gower wrote in a letter that an investigation into the incident was underway and would stretch into 2026.

“At this stage, the unauthorised access was limited to a single platform and did not affect other university systems,” Gower wrote.

The university said it had notified relevant authorities, and had also started notifying individuals whose details are in the breached files.

Gower added that the datasets “have been purged from the code library”.

