University of Sydney Suffers Third-Party Data Breach
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
In the last week of August, University of Sydney disclosed a data breach incident, impacting the recent international students and applicants. The attack is said to have occurred at one of its third-party service providers.
Established in 1850, the University is among the top 20 educational institutes in Australia with 74,000 students and 8,100 academic and operations staff.
According to the published notification , only a limited number of international students that had either applied or enrolled to the University have had their personal information exposed. None of the domestic students, staff, alumni, or donors were impacted, revealed the preliminary investigation.
“The issue was isolated to a single platform and had no impact on other university systems. There is currently no evidence that any personal information has been misused. We are working to contact impacted students and applicants and will continue to monitor our systems,’’ it added.
Details about either the attack, supply chain vendor, or threat actors were not revealed in this notice. Neither was any information revealed about the number of applicants impacted nor details about the compromised information. However, the University announced that it had taken the necessary measures to mitigate the attack and secure its systems.
It had informed the relevant cybersecurity authorities and notified the New South Wales privacy commissioner. Additionally, it advised the affected individuals to reach out to the University and refer to its list of cybersecurity best practices , available on the University webpage, for students.
Students can also email to ict.support@sydney.edu.au for any questions or report any suspicious activity, like phishing or identity theft.
The recent months have witnessed an increase in cyberattacks on higher educational institutions across the world. The previous two months saw an attack on the University of Michigan and Manchester. In both the incidents, either there was a disruption in operations or extraction of data by threat actors.
Freecycle Data Breach May Have Impacted Millions of Users
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Non-profit organization Freecycle announced that it had suffered a data breach incident last month. The announcement posted on its homepage states that it became aware of the attack on August 30 and as a result advises its members to change their passwords.
The US-based Freecycle Network is used by millions of people across the world to recycle used items. The organization claims to have over 9 million members across 5,000 towns worldwide.
According to the notification , it had already notified about the data breach to the concerned US authorities and UK’s data protection regulator, Information Commissioner’s Office (ICO). The organization is registered as a charity organization in the UK.
Freecycle’s disclosure confirms the authenticity of the sample data posted on a hacking forum in June 2023. The data set was said to contain login credentials of around 7 million members. The organization’s internal investigation reveals that the stolen information includes, ‘’usernames, User IDs, email addresses and hashed passwords’’.
‘’Because of the exposure of personal passwords we are taking every measure to quickly inform members about the need to change their passwords,” the notice read.
“If you have used the same password elsewhere, you are well advised to change the password there as well. No other personal information was compromised and the breach has been closed and is being reported to the respective privacy authorities.”
In addition to the notice on its website, the company is urging grassroot volunteer moderators to reach out to other members regarding the data breach and password reset information.
The organization has provided password reset solutions to members:
- Visit https://www.freecycle.org/home/settings/ and go to My Settings and select Password Reset option.
- Visit https://freecycle.org/login?reset-password and request a password reset link via email.
Although no financial information was breached, the compromised users are still vulnerable to account hijacking and phishing attacks, especially where similar credentials have been used.
