Swinburne University of Technology has revealed it has responded to a data breach that made information about more than 5,000 people available online.
“Last month, Swinburne was advised that some information, such as names, email addresses and phone numbers, of around 5,200 Swinburne staff, 100 Swinburne students and some externals had been inadvertently made available on the internet,” the university said in a statement published on 16 April.
The exposed data was event registration information from multiple events from 2013 onwards, the tertiary institution said.
The university’s investigation into the breach showed that the source of the data was an event registration webpage that is no longer available.
The information made available were names, email addresses and, in some cases, contact phone numbers.
The Melbourne-based institution said it took immediate action to investigate and respond to the data breach, including removing the information and conducting an audit across other similar sites.
“We sincerely apologise to all those impacted by this data breach and for any concerns this has caused. We are currently in the process of contacting all individuals whose information was made available to apologise to them and offer appropriate support,” it said.
“We are also contacting around 200 other individuals not connected to Swinburne who had registered for the event and whose information was also made available,” it added.
The breach has been reported to the Office of the Australian Information Commissioner (OAIC), followed by the Office of the Victorian Information Commissioner (OVIC), the Tertiary Education Quality and Standards Agency (TESQA) and the Victorian Education Department.
Last year, Swinburne was reportedly one of a handful of local universities impacted after online exam tool ProctorU was hacked, with some students’ personal records compromised.