Australian Privacy Exposure: September 21 2020

Misconfigured UTAS SharePoint site exposed 20,000 students’ details

Security settings allowed broad access to files.

University Statement: University of Tasmania Vice Chancellor’s Statement
Source: Misconfigured UTAS SharePoint site exposed 20,000 students’ details | iTnews
More reports from: iTnews.

The University of Tasmania has had to contact almost 20,000 students after their personal information was accidentally made accessible to all users with a UTAS email address.

The data that became accessible due to the breach varied for individual students but could have included birth dates as well as whether the student had a disability or identified as indigenous.

UTAS said the misconfiguration was active – and the files broadly accessible to anyone with a utas.gov.au email address – “from February 27 to August 11” of this year.

“The data, which is used to inform the ways the University supports students in their studies, contained personally identifiable information of 19,900 students,” it said.