Last month, Swinburne was advised that some information, such as names, email addresses and phone numbers, of around 5,200 Swinburne staff, 100 Swinburne students and some externals had been inadvertently made available on the internet. This data was event registration information from multiple events from 2013 onwards.
We took immediate action to investigate and respond to this data breach, including removing the information and conducting an audit across other similar sites.
Our investigation showed that the source of the data was an event registration webpage that is no longer available. The information made available was name, email address and, in some cases, a contact phone number.
We sincerely apologise to all those impacted by this data breach and for any concerns this has caused. We are currently in the process of contacting all individuals whose information was made available to apologise to them and offer appropriate support. We are also contacting around 200 other individuals not connected to Swinburne who had registered for the event and whose information was also made available.
We have reported the breach to the Office of the Australian Information Commissioner (OAIC), followed by the Office of the Victorian Information Commissioner (OVIC), the Tertiary Education Quality and Standards Agency (TESQA) and the Victorian Education Department.
Swinburne is committed to protecting personal information. We have a proactive approach to cyber security and continue to strengthen our systems to prevent future incidents.