Home / Education / Queensland Universities: Cybersecurity Lapses Expose Student Data
Queensland Universities: Cybersecurity Lapses Expose Student Data
18 Jun
Summary
- Cybersecurity threats at Queensland universities remain unresolved since 2021.
- Former employee access retained post-employment, exposing sensitive data.
- Universities, including QUT and Griffith, were recently hit by ransomware.
An audit has revealed persistent cybersecurity vulnerabilities at Queensland universities, leaving students and staff personal information at risk. Issues first identified in 2021 remain unresolved, with weaknesses in password protocols and access controls highlighted. The Queensland Audit Office report noted instances where former employees retained account access after leaving their roles, posing a significant risk.
These ongoing concerns were underscored by a recent global ransomware attack targeting a third-party educational management system. Queensland University of Technology, Griffith University, and the University of the Sunshine Coast were among those affected, leading to the compromise of personal data for students and staff. This attack also impacted the state's QLearn software, built on the same platform, threatening data across all state schools.
Despite these risks, Queensland universities reported a strong financial performance, with income increasing by approximately 5% from the previous year, largely due to international student enrollments. Most universities achieved a surplus, and the education department also reported a significant surplus of $169.6 million for the 2024-25 financial year.
