Melbourne Polytechnic has revealed it suffered a data breach in late 2018, with 55,000 files containing email addresses, passwords and financial and health information being accessed.
The institution was notified of the breach in late 2019 following an investigation by Victoria Police, with forensic ICT specialists and cyber security experts spending months to determine the extent and scale of the breach, according to Melbourne Polytechnic.
It was determined that the breach affected people including those who worked or studied at Melbourne Polytechnic before September 2018.
Following the investigation, the institution said Victoria Police charged an individual and the matter is now before the courts.
"Detectives from Darebin Crime Investigation unit have charged a man following an investigation into an alleged data breach," Victoria Police told ARN in a statement. "It is alleged the man gained unauthorised access to data from two higher education institutions between August and December 2018, and was also in possession of other unauthorised data.
"The 34-year-old Heidelberg Heights man was arrested on 11 October and charged with 12 offences, including unauthorised access with the intention to commit a serious offence, unauthorised access to restricted data, supplying identification information to commit an indictable offence and possession of identification with the intention to commit an indictable offence," Victoria Police added.
The individual has been bailed to appear at the Heidelberg magistrates court on the 19 March 2020.
Meanwhile, Melbourne Polytechnic has sent letters to breached individuals, providing individualised details about what information was taken. ARN understands that these letters were expected to arrive from 10 March.
In addition to the letters, Melbourne Polytechnic has set up a cyber support call centre, developed in partnership with Australian and New Zealand identify and cyber support service IDCARE.
Frances Coppolillo, CEO of Melbourne Polytechnic, offered her apologies to those affected and said the institution has conducted an independent review of its cyber security procedures and is implementing improvements to its IT systems.
“This data breach was highly complex in nature and it has taken many months to fully understand its scale and impact, including identifying the names and contact details of the people affected and the details of how they were impacted by the breach,” Coppolillo said.
“With the forensic analysis now complete, we have acted as quickly as possible to notify affected individuals and to support them to take the actions needed to protect themselves.
“I would also like to apologise for the length of time it has taken us to be able to share this information with the people concerned.”