ANU releases detailed account of data breach

The Australian National University (ANU) has today released a comprehensive public report into the late-2018 data breach announced on 4 June this year.

The report is the culmination of months of investigation into the hack and has been shared with all ANU staff, students, alumni and the wider community.

It outlines the incredible level of sophistication behind the hack as well as a detailed timeline of what happened and when.

ANU Vice-Chancellor Professor Brian Schmidt said he was committed to making the University’s findings available to the entire ANU community.

“I want to be as transparent with my staff, students, alumni and wider community as possible about what happened, how it happened and why it happened,” Professor Schmidt said.

“And by doing so, I also want to encourage disclosure of these attacks more broadly.

“Most importantly, I wish to once again apologise to the victims of this data breach: our community. We are doing everything we can to stop this from happening again.”

Professor Schmidt said the report shows the hack was so sophisticated it “has shocked even the most experienced Australian security experts”.

“This wasn’t a smash and grab. It was a diamond heist,” Professor Schmidt said.

“It was an extremely sophisticated operation, most likely carried out by a team of between five to 15 people working around the clock.

“It’s likely they spent months planning this. They were organised and everyone knew their role.

“They evolved. They used custom-built malware and zero-day hacks to exploit unknown vulnerabilities in our system.

“They dismantled their operations as they went to cover their tracks.

“They brought their A team.

“This was a state of the art hack, carried out by an actor at the very top of their game and at the very cutting edge.”

Professor Schmidt said the University was investing in information security technology, processes, culture and leadership.

“We are working constantly to ensure the protection of the data that people entrust to us,” he said.

“And we are investing heavily in measures to reduce the risks of this occurring again, including a multi-year information security investment program.

“But we must all remain vigilant and follow the advice of security experts to protect our personal information.”

The Vice-Chancellor said he hoped the ANU report also helped better prepare other organisations confronting a complex and constantly evolving cybersecurity landscape.

“I have made this report public because it contains valuable lessons not just for ANU, but for all Australian organisations who are increasingly likely to be the target of cyber attacks,” Professor Schmidt said.

“It is confronting to say this, but we are certainly not alone, and many organisations will already have been hacked, perhaps without their knowledge. I hope this report will help them protect themselves, and their data and their communities.”

The full report is available at:

Audio and VNR content of ANU Vice-Chancellor Professor Brian Schmidt is available at:

For media assistance, contact James Giggacher +61 436 803 488 or the ANU Media Team on +61 2 6125 7979 or at  

About The Australian National University

ANU is a world-leading university in Australia’s capital city, Canberra. Our location points to our unique history, ties to the Australian Government and special standing as a resource for the Australian people.

Our focus on research as an asset, and an approach to education, ensures our graduates are in demand the world over for their abilities to understand, and apply vision and creativity to addressing complex contemporary challenges.

The Australian National University
East Road, Acton
2601 Canberra