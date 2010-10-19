In early November 2018, a sophisticated actor gained unauthorised access to the ANU network. This attack resulted in the breach of part of the network known as the Enterprise Systems Domain (ESD), which houses our human resources, financial management, student administration and enterprise e-forms systems.

By gaining access to ESD, the actor was able to copy and steal an unknown quantity of data contained in the above systems. There is some evidence to suggest the same actor attempted to regain access to ESD during February 2019, but this second attack was ultimately unsuccessful.

[...] At the time of the public announcement, ANU was not able to ascertain how much data or specifically which fields might have been accessed. As such it was assumed that all data, dating back some 19 years, had been potentially affected and reported as such to err on the side of caution. More recent forensic analysis has been able to determine that the amount of data taken is much less than 19 years' worth; although it is not possible to determine how many, or precisely which, records were taken. This analysis is based on duration of exfiltration activity and known, albeit incomplete, data volumes.

ANU worked closely with, and reported findings to, the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC), before public notification. During the intervening two weeks between the detection of the breach and the public announcement on Tuesday 4 June 2019, we implemented a range of additional security controls inside ESD and the broader network – many of these activities were to expedite hardening measures already scheduled for implementation.