Personal information owned by nearly 20,000 universities Tasmania Students were misrepresented for more than five months because security systems were incorrectly configured.
Affected students were notified of the breach on Monday, which made their data available to anyone with a UTAS email address from late February to August 11, Aam Aadmi Party said.
UTAS claims that the analysis of the files approached the “number of users” information with university emails.
The data, which contains personally identifiable information, is used to inform how the university supports students in their studies, UDAS says.
Bank account details are not part of the data breach.
“The security systems of the shared files were accidentally misconfigured so that the information could be viewed and accessed by unauthorized users,” the university said in a statement.
The university said it was aware of the August 11 violation and had hired independent experts to help.
“I apologize to all the students affected by this incident,” said the Vice Chancellor of the University of Tasmania. Rufus Black Said.
“We have conducted a thorough review of how this information was accessed and have taken immediate steps to ensure that it is secure.”
UDAS is in the process of communicating with the person who accessed the data, and has “guaranteed” that the files, or screen shots or shared copies of the files have been permanently deleted.
Data owned by 19,900 students was made public through Microsoft Office 365 operating system SharePoint, which is used to store, share and access files.
Access privileges are incorrectly configured in the Office365 application, which displays content to users based on those privileges.
“There is no evidence that this data breach was the result of a malicious act,” UDAS said.
“The system is now configured correctly.”
UDAS has set up a hotline for students with questions or concerns.