The University of Sydney (USYD) announced that a data breach suffered by a third-party service provider exposed the personal information of recently applied and enrolled international applicants.
The University of Sydney immediately launched an investigation into the incident and determined that only a limited number of recently applied and enrolled international applicants had their personal data compromised. The University did not share details about the exposed data or the type of attack that hit the third-party service.
“At this stage it appears the breach relates to a limited number of international students and applicants. The University is working hard to determine the scope of the breach and is in the process of contacting affected students.” reads the data breach notification published by the University. “We are still determining the nature of the information that may have been accessed and advise any concerned students or applicants to follow the guidance about keeping information safe.”
The security breach did not impact local students, staff, alumni, or donors.
USYD discovered that the incident only affected a single platform and other University systems were not breached.
At this time, the University has no evidence that any personal information has been misused.
The University immediately notified relevant cyber security authorities as well as the NSW Privacy Commissioner.
Students are recommended to remain vigilant about attempts of phishing attacks and unsolicited contacts via email, SMS, or telephone.
Universities are privileged targets for cyber criminals, in June the University of Manchester suffered a cyber attack and recently the University of Michigan was forced to shut down its operation-critical systems to contain a cyber attack.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, University of Sydney)
Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and…
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL…
A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial…
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code…
Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations.…
This website uses cookies.
