Thieves broke into the University of Western Australia and stole an undisclosed number of laptops containing “fragmented” student data stretching back 30 years.
The break-in and theft from an administrative building actually occurred “in late June” but was only publicly disclosed as a potential “data loss incident” on Saturday morning, around a month after it happened.
Vice-Chancellor Professor Dawn Freshwater said in an email to students that the laptops contained “fragmented data relating predominantly to people who applied to study at UWA between 1988 and January 2018” stored locally on the machines.
“The bulk of this data relates to Australian citizens or residents and includes tax file numbers (TFN) and student identification numbers, and in these cases while some names and contact information are spread across the laptops, they are not directly linked to the TFNs or student IDs,” she said.
International students that applied to study at UWA “between September 2014 and December 2018” had a wider variety of information stored on the stolen machines.
This included personal details, passport numbers, and Visa status and numbers, which were given to the university to obtain a confirmation of enrolment, Freshwater said.
The university said that “no credit card details, bank information or medical records are included” in either dataset.
In an FAQ, UWA claimed it was “improbable” that identity theft could result from the laptop theft and said there was “no indication that any data has been accessed or used.”
However, UWA noted it “is difficult to determine if an unauthorised individual will eventually access the data on the stolen laptops, as the intention of the theft is unknown.”
The laptop fleet was described as “university-owned” and “password-protected”.
“UWA moved quickly to reset passwords where necessary and to make it impossible for the stolen devices to be connected to the University network,” it said.
The university had also responded by “strengthening building and data security where possible.”
Authorities including WA Police and the Office of the Australian Information Commissioner (OAIC) have been notified.
“The university is continuing efforts to track the stolen equipment,” it said.
