The University of Sydney is working to respond to a complicated situation discovered after a hacker defaced the university's main website and emailed the defacement to all students in January 2011.
While investigating how the front page of the university's website was defaced, detailed records on former and current students were discovered to be publicly available. The records, part of invoices generated for students using the Higher Education Contribution, contain student names, addresses, email addresses, enrolled courses and course costs.
University of Sydney Vice-Chancellor Michael Spence confirmed, in a letter to students, that the university had been made aware of the data breach back in 2007 and the problem had been corrected. However, according to Spence, a software update at some point inadvertently removed the fix and exposed the student information once more. As a result of the breach, New South Wales acting Privacy Commissioner John McAteer has launched an investigation into the University of Sydney incident to determine if the university had violated the NSW Privacy and Personal Information Act of 1998.
Given their mobility, ease of access and cross-platform nature, web applications are now used extensively within universities. Typical examples include web-based campus e-mail systems, online student information portals, online facility booking systems and interactive teaching websites.