Swinburne University has revealed that the details of more than 5000 staff and students were inadvertently made available on the internet.
In a statement on Friday, the university said it was alerted to the data breach last month and had immediately launched an investigation.
The data, which includes names, email addresses and phone numbers, is “event registration information from multiple events from 2013 onwards”.
Around 5,200 staff and 100 students, as well as some external parties, are believed to have been impacted by the data breach.
Swinburne said the investigation had traced the data to “an event registration webpage that is no longer available”.
“The information made available was name, email address and, in some cases, a contact phone number,” it added.
Swinburne said it had now removed the information from the internet and had conducted an “audit across other similar sites”.
“We sincerely apologise to all those impacted by this data breach and for any concerns this has caused,” the university said.
“We are currently in the process of contacting all individuals whose information was made available to apologise to them and offer appropriate support.
“We are also contacting around 200 other individuals not connected to Swinburne who had registered for the event and whose information was also made available.”
Swinburne said it had reported the breach to the Office of the Australian Information Commissioner and the Office of the Victorian Information Commissioner.
It has also notified the Tertiary Education Quality and Standards Agency and the Victorian Department of Education and Training.