On the Australian National University Breach

Hackers obtained personal details, including names, addresses, payment cards and other payment information of overseas students’ union leaders from the Australian National University (ANU).

First Published 10th June 2019

On the Australian National University Breach

Foreign relations between China and Australia - in happier times.

4 min read  |  Reflare Research Team

Early this week, the Canberra-based Australian National University reported that it had fallen victim to a data breach. The breach follows the pattern of targeted attacks against academic institutions which we have reported on in the past. In this briefing, we will take a look at what happened, what the breach means for academia in general and what attackers may be after.

What happened?

According to the current state of the investigation, attackers began breaching the university’s systems at some point in 2018. During the time that they went undetected, the attackers managed to access personal information including names, addresses, payment details and other payment information, passports and similar personal data of staff, students and visitors extending back 19 years.

Who is behind the attack?

According to the Sydney Morning Herald, unnamed intelligence officials have pointed the blame for the attack at Chinese hackers, likely acting on behalf of their government. While this scenario makes sense, it is extremely difficult to establish solid proof in cases like this one.

Still, for all practical purposes, we expect the Australian institutions to base their responses to this incident on the assumption that China was behind it.

What were the attackers after?

While academic institutions offer a treasure trove of relatively weakly guarded information including personal data, research results and protected intellectual property, these may not have been the primary target in this particular breach.

According to intelligence officials, the close links between the Australian National University and government agencies mean that many of the university’s graduates are now working in government capacities. The personal information stolen may be used to contact such individuals and turn them into informants. This can happen either by offering material or ideological gain or by using compromising / embarrassing information to extort them.

This risk is especially severe since the university also houses the School of Strategic and Defence Studies and the Crawford School of Public Policy - both of which produce graduates that go on to work in strategically valuable positions.


Cyber attacks against academic targets will continue to happen since they offer a relatively high payoff and are relatively weakly protected. In addition to confidential information, access to alumni may be valuable to some attackers.

In terms of why governments cannot perfectly protect themselves and academic institutions from cyber attacks, an unnamed but quoted spokesperson for the Australian Cyber Security Centre put it succinctly:

“Unfortunately, a malicious actor with sufficient capability, time and resources will almost always be able to compromise an internet-connected computer network.”

Subscribe by email