Old-school thieving causes latest university data breach

By Cameron Abbott and Alyssia Totham

Thirty years’ worth of student data from the University of Western Australia (UWA) has been stolen. Archaic and unconventional in the world of cyber security and data protection, this data breach resulted from the theft of laptops from the University. The number of laptops stolen and the number of students affected remains undisclosed by the University.

The type of data stolen was dependent on student status – domestic or international – and varied from student name, date of birth, passport number, student identification number and Tax File Number.

UWA maintains that the laptops are password-protected, and that there is no indication that the data itself has been accessed or indeed, used. It is unclear whether this theft was opportunistic or deliberate, or if the goal was to take the laptops themselves or the data within them. It is entirely possible that the laptops could be wiped and sold for their commercial value. However, whilst the University maintains it is “improbable”, it is also entirely possible that the student data, in the hands of the thieves, could be used to replicate students’ identities.

In an era of entities employing more stringent data protection mechanisms, it is perhaps not so far-fetched and fanciful to contemplate that the ‘old-school’ physical theft of data surmounts these obstacles… that is, if the thief is sophisticated enough bypass the physical barriers in place.

This latest ‘loss of data’ incident serves as a timely reminder to strengthen the parameters which hold important and sensitive data; regardless of whether the data is held locally or virtually. In light of this incident, entities should review how their data is being stored, and if appropriate security is in place.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.