[Linux-aus] Linux Australia Council response to ANU data breach

Tue Jul 16 21:11:56 AEST 2019

Dear Colleagues,

On 4 June 2019 the Australian National University (ANU) disclosed a significant data breach involving its systems[1].  While the full extent of the compromise is subject to ongoing investigation, it seems that a large number of people who have had dealings with ANU over the past 19 years may have had personal information stolen.

Linux Australia does not store any of its information on ANU systems.

While Linux Australia’s servers are located in an ANU data centre in Canberra, they are not within ANU’s Corporate or Campus networks and have their own address space external to these networks. There is no indication the Linux Australia servers have been compromised either as a part of, or as a result, of the ANU data breach.

Linux Australia has held two linux.conf.au (LCA) conferences at ANU over the past 19 years: in 2005 and 2013. All aspects of the LCA conference itself are managed by Linux Australia on its own systems. This information is therefore not subject to the ANU data breach. However, a number of LCA attendees in 2005 and 2013 chose to stay at ANU student accommodation. This accommodation is managed by ANU. It is therefore possible that some personal details provided to the ANU accommodation services by these attendees may be subject to the ANU data breach.

Initial inquiries have been made by Linux Australia to clarify the extent to which LCA conference attendees might have been exposed  to the data breach. Our present understanding is as follows.
ANU may have been given the names of conference delegates who stayed at ANU accommodation in 2005 and 2013, although there is no evidence that this occurred. If the information was provided it may have been included in the data breach.
Detailed information about LCA attendees staying at ANU accommodation (including payment methods) was held by the colleges. ANU have advised Linux Australia that the colleges were not included in the data breach.
For attendees who did not stay in ANU accommodation, no  information would have been passed to ANU; therefore they would be unaffected by the data breach.

For those members who wish to make their own enquiries, the ANU has set up a telephone help line for such purposes (1800 275 268).  Alternatively, questions may be sent via email (helpline at anu.edu.au). 

[1] The full text of the Vice Chancellor’s message can be viewed at
https://www.anu.edu.au/news/all-news/message-from-the-vice-chancellor

If you have any questions or concerns please do not hesitate to contact Council via council at linux.org.au or myself directly.

Thanks,

Sae Ra
--   

Sae Ra Germaine
President
Linux Australia

president at linux.org.au
http://linux.org.au

Linux Australia Inc
GPO Box 4788
Sydney NSW 2001
Australia

ABN 56 987 117 479
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.org.au/pipermail/linux-aus/attachments/20190716/fed429a8/attachment.html>