--- Begin Message ---
> The University of Sydney has revealed the breach of an “online IT
code library” where data files containing details of 27,500 current and
former staff, affiliates and alumni were stored “for testing purposes”.
...
> "This information includes the name, date of birth, phone number and
home address ..."
> [This particular test-data was so unimportant to IT dev that] the
datasets "have been purged from the code library".
[ This has always been such an obvious no-no that a quick search of my
site suggests that I've never seen it as necessary to include it in any
of the considerable amount of prescriptive material on data security and
privacy topics that I've published over the last 30-odd years.
[ To be fair, before comms was married with computing - and in
particular telecomms rather than just 'local' / within building
connections - the air-gap and need for an in-house physical presence to
gain access provided a degree of protection.
[ That protection lasted until some time between 1975 and 1985. But,
over 40 years later, USyd's internal IT Dept hadn't noticed. ]
University of Sydney "online IT code library" breached
Personal data of 27,500 staff and affiliates stored in test files.
Ry Crozier
itNews
Dec 23 2025 8:25AM
https://www.itnews.com.au/news/university-of-sydney-online-it-code-library-breached-622694
The University of Sydney has revealed the breach of an “online IT code
library” where data files containing details of 27,500 current and
former staff, affiliates and alumni were stored “for testing purposes”.
University of Sydney "online IT code library" breached
In an incident notification, the university said the “historical data
files” in the code library were “accessed and downloaded” by an unknown
actor.
“The code library is used for code storage and development. A number of
data files containing personal information were also located in the code
library,” the university said.
“We believe these are historical extracts primarily used for testing
purposes at the time the code was developed.”
The university said the files contained personal information of “around
10,000 current staff and affiliates” and "around 12,500 former staff and
affiliates”, accurate as of September 2018.
Also impacted was personal information “of around 5000 alumni and
students, as well as six supporters”, with a date range of 2010 to 2019.
“This information includes the name, date of birth, phone number and
home address of those staff as well as some basic job information (e.g.
job title and employment dates),” the university said.
Vice president operations Nicole Gower wrote in a letter that an
investigation into the incident is underway, and would stretch into 2026.
“At this stage, the unauthorised access was limited to a single platform
and did not affect other university systems,” Gower wrote.
The university said it had notified relevant authorities, and had also
started notifying individuals whose details are in the breached files.
Gower added that the datasets “have been purged from the code library”.
--
Roger Clarke mailto:[email protected]
T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Visiting Professorial Fellow UNSW Law & Justice
Visiting Professor in Computer Science Australian National University
--- End Message ---
_______________________________________________
apf-media-archive mailing list
[email protected]
https://lists.privacy.org.au/mailman/listinfo/apf-media-archive
