Thousands of staff and 67 students at the Queensland University of Technology had their personal data compromised in a cyber attack last month.
About 2,500 current staff and a number of former staff at the state’s second-largest university have had personal data stolen, which could be used in identity theft.
As for students, 17 current and 50 former students have been affected.
In an email to students on Friday, vice-chancellor Margaret Sheil said the data that may have been compromised was stored files and included some personal information for students that “could assist in identity theft”.
“We have identified 17 current students and a small number of former students that may have been impacted,” the email said.
The cyber attack on December 22 caused campus printers to spit out ransomware notes in bulk, and led the university to shut down a number of its IT systems as a precaution.
The note purported to be from Royal ransomware, which Professor Sheil said ran a well-known ransomware scheme.
The note said “your critical data was not only encrypted but also copied”, warning it could be published online unless a “modest royalty” was paid.
In Friday’s email to students, Professor Sheil said the university was unaware of any of the compromised data being exploited or accessed by criminals at this stage.
“We are obviously concerned that the attack accessed stored document files and QUT is taking all necessary actions to support those affected to prevent further illegal activity,” the email said.
“We have, and will continue to, directly communicate with each of the individuals, offering support through access to independent identity protection and services such as IDCARE and Equifax as well as our own wellbeing support.”
Professor Sheil said the university would continue to investigate the attack.
“In addition to our own staff who have been managing this incident, we are also continuing to work with the relevant authorities, including the Australian Cyber Security Centre and Queensland Police Service.
“Our staff have been working since the attack to utilise what we and others have learnt from these incidents, reviewing all systems, and making immediate long-term changes to improve our practices and security, and prevent further attacks.
“I urge everyone to remain vigilant for any suspicious activity via email, SMS, phone, or other channels.”