What happened
In late 2018 a sophisticated actor gained access to the Australian National University’s administrative systems, potentially accessing up to 19 years of data on staff, students and visitors — around 200,000 people [anu-report]. ANU published an unusually detailed public incident report on the breach in 2019.
Timeline
- 2018-11 — Intrusion into ANU administrative systems [anu-report].
- 2019-06 — ANU publicly disclosed the breach; detailed report followed [anu-report].
Current status
Resolved. ANU’s transparent incident report became a widely-cited case study. [anu-report]
Why it matters
Notable both for its sophistication and for ANU’s rare decision to publish a full, candid account of how the breach unfolded.