Personal details of staff, students and visitors to the Australian National University over the past 19 years have been exposed in a "sophisticated" data breach.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
Data including names, addresses, phone numbers, email addresses, tax-file numbers, payroll information, bank account details, passports and student academic records were accessed during the data breach.
In a message to staff and students at the university, Vice-Chancellor Brian Schmidt said the breach was detected on May 17, after a "sophisticated operator" accessed systems illegally late last year.
"We're working closely with Australian government security agencies and industry security partners to investigate further," Dr Schmidt said.
"We have no evidence that research work has been affected.
"The systems that store credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers and some performance records have not been affected."
The data breach comes as China-based hackers infiltrated the university's IT systems in July last year.
Dr Schmidt said upgrades to IT systems following that attack allowed the university to detect the latest breach.
"For the past two weeks, our staff have been working tirelessly to further strengthen our system against secondary or opportunistic attacks," Dr Schmidt said.
"We must always remain vigilant, alert and continue to improve and invest in our IT security.
"We are taking this incident extremely seriously and we are doing all we can to improve the digital safety of our community."
Staff and students at the university were told about the data breach in an email just after 11am on Tuesday.
A university spokesman said the breach had been referred to federal government agencies and are unable to attribute who was behind the attack.
Information in ANU email addresses were not accessed in the breach.
The university said information accessed during the breach was copied and had not been altered.
Students and staff had been told by the university's chief information security officer to change passwords, monitor incoming emails and use updated systems on devices.