🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇦🇺 AU › Education

Australian National University

🇦🇺 Canberra, ACT · The Australian National University · Record AU-2019-0028
● Confirmed
People affected
200,000 (approx)
Breach date
2018-11
Regulator
none (public incident report)
Trust tier
A · Confirmed

Data exposed

Up to 19 years of staff, student and visitor personal data (names, addresses, bank details, academic records) Media-reported

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In late 2018 a sophisticated actor gained access to the Australian National University’s administrative systems, potentially accessing up to 19 years of data on staff, students and visitors — around 200,000 people [anu-report]. ANU published an unusually detailed public incident report on the breach in 2019.

Timeline

  • 2018-11 — Intrusion into ANU administrative systems [anu-report].
  • 2019-06 — ANU publicly disclosed the breach; detailed report followed [anu-report].

Current status

Resolved. ANU’s transparent incident report became a widely-cited case study. [anu-report]

Why it matters

Notable both for its sophistication and for ANU’s rare decision to publish a full, candid account of how the breach unfolded.