QUT Confirms Thousands of Staff’s Data Stolen by Hackers

QUT Confirms Thousands of Staff’s Data Stolen by Hackers
Pixabay
Updated:

The Queensland University of Technology (QUT) has confirmed that part of its staff and student data was stolen in a cyber attack last month.

The university confirmed on Jan. 20 that data belonging to nearly 2,500 current employees, several former employees, and 17 current and 50 former students was stolen in a cyber attack on Dec. 22, 2022.

Prof. Margaret Sheil, the chancellor of QUT, said the university had begun contacting affected staff and students and would continue to do so into next week.

“We are obviously concerned that the attack accessed stored document files, and QUT is taking all necessary actions to support those affected to prevent further illegal activity,” Sheil said.

“We have, and will continue to, directly communicate with each of the individuals, offering support through access to independent identity protection and services such as IDCARE and Equifax as well as our own well-being support.”

According to the expert forensic analysis, the attack damaged one storage drive, but systems used for email, teaching, research, student management, and financial and personnel management were not affected.

Hands on a keyboard in an undated file photo. (PA)
Hands on a keyboard in an undated file photo. PA
The hack in December caused QUT’s printers to churn out ransom notes, Australian Broadcasting Corporation (ABC) reported. The university was forced to shut down some of its IT systems as a precaution.

The note purportedly came from Royal ransomware, which Sheil said ran a well-known ransomware scheme.

“Your critical data was not only encrypted but also copied,” reads the note. “From there, it can be published online. Then anyone on the internet from darknet and even your employees will be able to see your internal documentation.”

“Fortunately, we got you covered!” the note continued. “Royal offers you a unique deal. For a modest royalty (got it; got it?) for our covering you from reputational, legal, financial, regulatory, and insurance ri.”

The university said it was not aware of any data being accessed or exploited by criminals.

“In addition to our own staff who have been managing this incident, we are also continuing to work with the relevant authorities, including the Australian Cyber Security Centre and Queensland Police Service,” said Sheil.

“This is a timely reminder of the need for ongoing vigilance in relation to unauthorised cyber activity.”

Cybersecurity One of the Biggest Issues Australia Facing

Cybersecurity is among the biggest challenges for Australia as the country faces “the most dangerous set of strategic circumstances” since the Second World War, according to Home Affairs Minister Clare O’Neil.
Cyber Security Minister Clare O’Neil speaks at Parliament House in Canberra, Australia, on Sept. 5, 2022. (AAP Image/Mick Tsikas)
Cyber Security Minister Clare O’Neil speaks at Parliament House in Canberra, Australia, on Sept. 5, 2022. AAP Image/Mick Tsikas
Speaking at the National Press Club in December 2022, Clare O’Neil addressed issues she said Australia is facing, namely cybersecurity, foreign interference, immigration, and climate change.

“It’s felt in our economy, where we are waking from a cyber slumber,” she said.

“It’s felt in our private lives, where our identities are vulnerable, and personal information is at risk. It’s felt in business and research, where Australia’s hard-won innovations are at constant risk of theft.”

“And it’s felt in our democracy, where foreign actors are trying to influence decisions in our parliaments and universities, and subjecting Australians to online misinformation and disinformation campaigns which spread like viruses around our communities.”

The comment comes after Australia experienced two major cyber attacks against telecommunication company Optus and the country’s largest health insurer Medibank, within three weeks of each other.

Nina Nguyen contributed to this report.