[BreachExchange] 55, 000 files accessed in Melbourne Polytechnic data breach

[Destry Winant]

https://www.arnnet.com.au/article/671742/melbourne-polytechnic-reveals-data-breach/

Melbourne Polytechnic has revealed it suffered a data breach in late
2018, with 55,000 files containing email addresses, passwords and
financial and health information being accessed.

The institution was notified of the breach in late 2019 following an
investigation by Victoria Police, with forensic ICT specialists and
cyber security experts spending months to determine the extent and
scale of the breach, according to Melbourne Polytechnic.

It was determined that the breach affected people including those who
worked or studied at Melbourne Polytechnic before September 2018.

Following the investigation, the institution said Victoria Police
charged an individual and the matter is now before the courts.

"Detectives from Darebin Crime Investigation unit have charged a man
following an investigation into an alleged data breach," Victoria
Police told ARN in a statement. "It is alleged the man gained
unauthorised access to data from two higher education institutions
between August and December 2018, and was also in possession of other
unauthorised data.

"The 34-year-old Heidelberg Heights man was arrested on 11 October and
charged with 12 offences, including unauthorised access with the
intention to commit a serious offence, unauthorised access to
restricted data, supplying identification information to commit an
indictable offence and possession of identification with the intention
to commit an indictable offence," Victoria Police added.

 Helping customers address their data challenges in 2020 and beyond
More from Veeam

The individual has been bailed to appear at the Heidelberg magistrates
court on the 19 March 2020.

Meanwhile, Melbourne Polytechnic has sent letters to breached
individuals, providing individualised details about what information
was taken. ARN understands that these letters were expected to arrive
from 10 March.

In addition to the letters, Melbourne Polytechnic has set up a cyber
support call centre, developed in partnership with Australian and New
Zealand identify and cyber support service IDCARE.

Frances Coppolillo, CEO of Melbourne Polytechnic, offered her
apologies to those affected and said the institution has conducted an
independent review of its cyber security procedures and is
implementing improvements to its IT systems.

“This data breach was highly complex in nature and it has taken many
months to fully understand its scale and impact, including identifying
the names and contact details of the people affected and the details
of how they were impacted by the breach,” Coppolillo said.

“With the forensic analysis now complete, we have acted as quickly as
possible to notify affected individuals and to support them to take
the actions needed to protect themselves.

“I would also like to apologise for the length of time it has taken us
to be able to share this information with the people concerned.”