Monday 6 February, 9.33am (AEST)

Information updated: Monday 6 February, 9.33am (AEST)

QUT has experienced a cybersecurity incident on Thursday 22 December 2022. You will find latest news and regular updates for QUT Students and Staff on the Digital Workplace via the links below.

Students

Information for students about the impact of the cybersecurity incident, including key contacts, enrolment, units and courses, and supplementary/deferred assessments and exams.

Access dedicated information for students

Staff

Information for staff about the impact of the cybersecurity incident, including key contacts, recent developments, affected systems, and working arrangements.

Access dedicated information for staff

Media release - February 6, 2023

QUT has identified that some data was stolen in a cybercrime attack on December 22, 2022.

Firstly, QUT is disappointed and sorry that this cybercrime has potentially impacted on our staff and former staff. It is important to note the security of our HR, student or financial systems was not compromised or accessed by the cyber criminals. We also have no evidence to date of any further illegal activity in relation to the data that may have been accessed by the cyber criminals.

After detailed forensic analysis we did establish late last month that the cybercriminals managed to access a number of files on an internal storage drive, some of which included personal information of current and former employees and students.

What are the numbers impacted?

11,405 in total, 2492 current employees, 17 current students, 8,846 former employees, 50 former students were impacted. The information accessed included bank account numbers and in some cases tax file numbers.  Of the total of 11,405, tax file numbers were impacted for 3820 individuals.

What has QUT done?

The first phase of the response involved adding security measures including all students and staff resetting passwords, introduction of additional verification steps for those working and studying remotely, and careful restoration of affected systems after eliminating the offending ransomware. We have also implemented additional expert monitoring and validation mechanisms. At every stage of our response we have been in regular communication with staff and students and all relevant Queensland and Federal authorities.

For those individuals impacted by the data breach, we have notified the individuals by via email or mail, provided access to identity protection services, and counselling from experts and a dedicated staff help line. All current and former staff and students have received their notifications and more than 1,300 people have contacted QUT. If former staff are concerned, they may contact the cyber hotline on 07 3138 1940 or email cyberincident@qut.edu.au.

QUT Media contact

QUT Media: media@qut.edu.auAfter hours: 0407 585 901