The University of Tasmania has today contacted students whose personal information was inadvertently made accessible to all users with a utas.edu.au email address.
The data, which is used to inform the ways the University supports students in their studies, contained personally identifiable information of 19,900 students.
There is no evidence this data breach was the result of malicious activity. Security settings on shared files were unintentionally configured incorrectly, which made the information visible and accessible to unauthorised users.
University of Tasmania Vice-Chancellor Professor Rufus Black said the University had responded quickly to secure the information and engaged independent experts to assist.
“We have undertaken a thorough review of how this information became accessible and took immediate steps to ensure it is secure,” Professor Black said.
“This morning, we contacted every student affected by this incident to explain what had happened, to apologise, and to offer support.”
The University has established a dedicated support line – 1800 019 897 – to assist students with any questions or concerns about their personal information. Experts in national identity and cyber support services IDCARE have also been engaged to provide independent advice and support to students, including dedicated case managers who work with individuals to develop tailored response plans.
The privacy regulator, the Office of the Australian Information Commissioner, has been notified.
More information, including FAQs, is available on the University’s website.