The University of Sydney (USYD) announced a data breach caused by a third-party service provider that exposed the personal information of recently applied and enrolled international applicants. An investigation revealed that the breach was limited to a single platform and did not impact local students, staff, alumni, or donors.
USYD immediately notified relevant cybersecurity authorities and the NSW Privacy Commissioner. The University also advised affected applicants to follow guidance on keeping personal information safe.
This incident serves as an important reminder for universities to ensure vendors and third parties uphold strong cybersecurity practices. Universities face increased cyber threats, as seen in recent attacks on the University of Manchester and the University of Michigan.
