Cyber attack on ACU IT systems

This is to advise that ACU has been the target of a cyber attack. A data breach was discovered on 22 May 2019 and a number of staff email accounts and some University systems have been compromised. The University deeply regrets that this data breach has occurred.

The data breach originated from a phishing attack: an email pretending to be from ACU tricking users into clicking on a link or opening an attachment and then entering credentials into a fake ACU login page.

In a very small number of cases, staff login credentials were obtained successfully via the phishing email and were used to access the email accounts, calendars and bank account details of affected staff members.

What we have done so far:

• contacted each person identified as being directly affected
• reset the accounts of those whose accounts had been breached
• notified ACU’s bank about potentially fraudulent activity
• notified the Tertiary Education Quality and Standards Agency (TEQSA)
• notified the Office of the Australian Information Commissioner (OAIC)
• alerted the Australian Cybercrime Online Reporting Network (ACORN)

All University staff and students should follow these instructions:

• Store your password securely and do not share it with anyone. If you want to change your password, please follow these instructions.
• Avoid opening links or attachments from unknown senders via email or social media and carefully examine attachments from alleged known senders.
• Be aware of potential phishing emails and telephone calls from businesses, government departments or institutions requesting personal details.
• Consider reviewing and updating all passwords on all your non-university email internet accounts and follow best practice for choosing strong passwords.
• Do not use your ACU credentials for non-ACU related accounts.

It is important to remember that ACU credentials give access to a number of University systems, so it is vital to keep login credentials secure.

ACU’s top priority is to protect the data and information of our staff and students. We take very seriously our responsibilities to manage the security of data and the security of our IT systems.

We also recognise the importance of cyber security awareness for students and staff and are reviewing ACU’s cyber security awareness programs.

If you have any concerns or questions, please refer to the following resources and support services:

• Assistance for staff: Service Central
• For confidential counselling support on Identity and Cyber Security matters: 1300 432 273 or submit an online form at https://www.idcare.org/
• For advice and support about data breaches: the Australian Information Commissioner

Any media enquiries should be referred to Liz Drew, 0419 506 690, liz.drew@acu.edu.au

Dr Stephen Weller
Acting Vice-Chancellor