Menu
Browse

Cyber Incident Victim: University of Sydney

Date:

Feb 2015

Location:

Australia

Summary

The University of Sydney’s Information Security Team was alerted to a vulnerability in the ORSEE recruitment system through a tip from another institution, leading to the discovery that an unknown party had accessed the database. Personal information of about five thousand students, including names, contact details and gender, was potentially exposed. After confirming the breach, the team disabled the ORSEE application and the Dean of the Faculty of Arts and Social Sciences notified the affected students.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

On February 2, 2015, an unknown party gained access to the University of Sydney’s ORSEE application, the Online Recruitment System for Economic Experiments. The breach exposed the personal information of approximately five thousand students who had registered in the system. The data stored in ORSEE included each student’s name, contact details, and gender. Many of the affected students had applied to participate in the university’s economic experiments.

Cyber Incident Image

The university’s Information Security Team first learned of a vulnerability in the ORSEE software on February 6, 2015, after receiving a tip from another institution. Despite this early warning, the team did not disable the compromised application until February 10, 2015. The eight‑day interval between the initial unauthorized access on February 2 and the shutdown on February 10 allowed the attacker continued access to the stored data. Following the shutdown, the security team prepared a notification to inform the affected students of the potential exposure.

On February 12, 2015, Dean Duncan Ivison of the Faculty of Arts and Social Sciences sent an email to the five thousand students, stating that their personal information could now be in the hands of hackers due to the breach. The notification explained that the Information Security Team had identified the breach and taken steps to secure the system. No further details about the attacker’s identity or actions were disclosed in the communicated message.

Sources
Sources available to members
1 source