IT institute discloses major data breach

By Dylan Bushell-Embling
Thursday, 12 March, 2020

Melbourne Polytechnic has warned it has fallen victim to a major data breach involving the unauthorised access of files containing personal data of around 55,000 staff and students.

The data breach of the institute’s IT systems took place in the final months of 2018, but Melbourne Polytechnic was not aware of the incident until late 2019, when it was notified of the data theft by Victoria Police.

An individual has been charged with the breach and the matter is now before the courts, the institute said.

For the vast majority of victims of the breach, compromised information was limited to the usernames, passwords and email address of their Melbourne Polytechnic accounts.

But in some cases the stolen information may have included banking and credit card details, passport and driver’s licence numbers and some confidential health details.

Melbourne Polytechnic CEO Frances Coppolillo gave a mea culpa over the security lapse.

“On behalf of Melbourne Polytechnic, I offer my sincere apologies to all the people affected by this data breach. In sharing your information, you expected us to keep it safe and I am sorry that we were not able to do so,” Coppolillo said.

“In response to this incident, we have completed an independent review of our cybersecurity procedures and are implementing a range of improvements including software and hardware upgrades to better protect our IT systems.”

Melbourne Polytechnic has already been acting to increase the strength of its cybersecurity, and has escalated this process since becoming aware of the breach.

Commenting on how long it took Melbourne Polytechnic to publicly disclose the breach, Coppolillo said its highly complex nature meant it took many months to fully understand the scale and impact of the breach, and identify the names and contact details of those affected.

“With the forensic analysis now complete, we have acted as quickly as possible to notify affected individuals and to support them to take the actions needed to protect themselves,” she said.

“I would also like to apologise for the length of time it has taken us to be able to share this information with the people concerned.”

Image credit: ©James Thew/Dollar Photo Club