An IT fuckup at the University of Tasmania has accidentally shared the personal info of almost 20,000 students to everyone with a university email address.
It’s believed the info included students’ full names, their email addresses, phone numbers, dates and countries of birth, student IDs, course results, Aboriginal and/or Torres Strait Islander status, disability status, and even their high school ATARs, among other things.
“The data, which is used to inform the ways the university supports students in their studies, contained personally identifiable information of 19,900 students,” the University of Tasmania said in a statement.
“There is no evidence this data breach was the result of malicious activity.
“Security settings on shared files were unintentionally configured incorrectly, which made the information visible and accessible to unauthorised users.”
UTAS says the problem stemmed from a misconfigured Microsoft SharePoint site which exposed students’ info to anyone with an email address ending with “utas.gov.au” from February 27 all the way until August 11, when the university found out about the breach.
It was not until September 21 that the uni informed students – and the public – about what had happened.
“On behalf of the university I sincerely apologise to all students who have been affected by this incident,” Vice Chancellor Professor Rufus Black said in a statement to students.
“Please be assured that we take the management of your personal information extremely seriously.
“We have undertaken a thorough review of how this information became accessible and have taken immediate steps to ensure it is secure.”
A support line has now been set up for UTAS students at 1800 019 897.
More to come.
