QUT hit by cyberattack breaching thousands of staff and students’ data. Source : Tima Miroschnichenko via Pexels.
A cyberattack at the Queensland University of Technology has compromised the personal data of thousands of staff members and 67 students.
The attack, which occurred in December, resulted in the data of around 2,500 staff members currently employed and several former staff members being solen.
17 current students and 50 former students have also been impacted.
When the attack occurred, on-campus printers began printing threatening ransom notes.
QUT Vice-Chancellor Professor Margaret Shiel said the university has begun the process of notifying those whose data was stolen.
“We are obviously concerned that the attack accessed stored document files and QUT is taking all necessary actions to support those affected to prevent further illegal activity.” Professor Shiel said.
“We have, and will continue to, directly communicate with each of the individuals, offering support through access to independent identify protection and services such as IDCARE and Equifax, as well as our own wellbeing support.” She said.
Professor Shiel sent out an email to students which said the data that was stolen possibly included stored files and personal information that could be used in identity theft.
The attack was allegedly perpetrated by Royal Ransomware, who runs well-known ransomware schemes, according to Professor Shiel.
The notes sent to QUT campuses detailed what supposedly occurred and prompted staff and students to contact Royal.
“If you are reading this, it means that your system were hit by Royal ransomware.” The note said.
“Your critical data was not only encrypted but also copied.
“From there it can be published online.
“…Anyone on the internet from the darknet and even your employees will be able to see your internal documentation.” It said.
The note then went on to ask for money to restore the stolen data, stating “your files will be decrypted, your data restored…”.
Professor Shiel said QUT is working with the authorities to resolve the incident.
“In addition to our own staff who have been managing this incident, we are also continuing to work with the relevant authorities, including the Australian Cyber Security Centre and Queensland Police Service.” Professor Shiel said.
“This is a timely reminder of the need for ongoing vigilance in relation to unauthorised cyber activity.” She said.
QUT shut down its IT systems in response to the incident in December during the attack.
