
University of Sydney discloses a data breach impacting 27,000 people


Hackers stole personal data of about 27,500 people from the University of Sydney after accessing an online code library, the university confirmed.

The University of Sydney disclosed a data breach in which threat actors accessed an online code library and stole personal information linked to about 27,500 individuals, including current and former staff, affiliates, students, and alumni.

In response to the security breach, the university took immediate action to protect its systems and community by blocking the unauthorized access and securing the affected environment. The compromised repository was primarily used for code storage and development, but the breach notification confirmed that it also contained historical data files.

Exposed files included personal information of about 10,000 current staff, 12,500 former staff, and roughly 5,000 alumni and students, mostly dating from 2010–2019.

“The unauthorised access includes a historical data file from a retired system containing personal information about staff employed at the University on 4 September 2018. This information includes the name, date of birth, phone number and home address of those staff as well as some basic job information (e.g. job title and employment dates).” reads the data breach notification published by the University of Sydney. “While the data has been accessed and downloaded, there is currently no evidence it has been used or published. We are actively monitoring for any signs of use or publication and, should this occur, we will update you immediately.”

The university pointed out that the incident is unrelated to the recent student results issue.

The institution confirmed that although attackers accessed and downloaded the data, there is no evidence so far that it has been misused or made public. It added that it is closely monitoring the situation and will promptly inform affected individuals if any signs of use or publication emerge.

The University of Sydney reported the breach to authorities and is working with cybersecurity partners to investigate the incident and assess its full impact.

“We are carefully working through the data to identify all members of our community who are affected, so we can inform them and provide appropriate support. Notifications to impacted individuals will commence today, aiming to be completed in January 2026 when we estimate the full assessment of file reviews will be completed and we have contact details for all impacted individuals.” concludes the notification. “We have provided general advice on the precautions people can take to lower the risk of their accessed data being misused below.”

In September 2023, the University of Sydney (USYD) announced that a data breach suffered by a third-party service provider exposed the personal information of recently applied and enrolled international applicants.

The University immediately launched an investigation into the incident and determined that only a limited number of recently applied and enrolled international applicants had their personal data compromised. The University did not share details about the exposed data or the type of attack that hit the third-party service.


Pierluigi Paganini

(SecurityAffairs – hacking, University of Sydney)