The Australian Catholic University has become the latest tertiary institution to disclose a recent data breach, with sensitive staff information being accessed by unknown attackers.
A brief document from acting vice-chancellor Dr Stephen Weller said the May 22 attack succeeded in compromising a small number of staff logins through a phishing email, purporting to be from the university itself.
ACU has seven campuses across Australia, with over 35,000 students enrolled.
The phishing email contained a link to a fake login page that allowed attackers to intercept staff access credentials.
With the logins at hand, attackers were able to access email accounts, calendars and bank details of further ACU staffers.
Weller did not say how many ACU staff were affected by the data breach, but the university has contacted every person involved.
Breached accounts have been reset, too, and ACU's bank notified that there could be fraudulent activity ahead after the attack.
ACU has also notified the Tertiary Education Quality and Standards Agency (TEQSA),
the Office of the Australian Information Commissioner (OAIC), and the Australian Cybercrime Online Reporting Network (ACORN).
Weller warned that ACU logins provide access to a number of university systems, and that it is important to keep credentials secure.
He advised users not to click on links or opening attachments in messages from unknown senders, and to avoid re-using ACU credentials on non-university systems.
Tertiary academic institutions have come under attack recently. Earlier this month, the Australian National University revealed that it had discovered an attack that took place in late 2018 that saw 19 years' of data being accessed by a "sophisticated operator".
The Australian National University (ANU) has also been hit by two major network intrusions since July 2018, possibly by an advanced persistent threat (APT) nation-state threat actor.
The ANU raids have been cited by Home Affairs Minister Peter Dutton as a reason to potentially expand the role of the Australian Signals Directorate from foreign intelligence collection to include domestic missions.
