In response to the recent cyber security incident, The University of Notre Dame Australia has conducted a detailed review of its IT systems to determine whether any personal information was impacted.
As part of that review, we have now determined that Tax File Numbers (TFNs) held on a small number of local file servers were affected.
We have been working with the Australian Taxation Office (ATO) to put protective measures in place for the impacted TFNs, including ongoing monitoring to detect and prevent potential misuse. As the ATO has put these protective measures in place, no further action is required by individuals.
If you wish to contact the ATO to discuss your individual circumstances, you can do so by calling 1800 467 033 (available 8am to 6pm AEDT, Monday to Friday).
The University understands that this news will be of concern to our community and we apologise for any worry it may cause. We also want to assure you that we are putting in place measures to mitigate any potential risks.
Further Actions the University has taken in response
The University has engaged specialist help to monitor the dark web for any indication that the data may have been published online. To date, there is no evidence that this has occurred. We continue to actively monitor the situation.
Out of an abundance of caution, the University also obtained a legal injunction, which makes it a criminal offence to access, disseminate, or share this data if the perpetrator publishes it.
A dedicated helpline has also been established by the University, should staff or students have any additional questions. The helpline number is 1800 958 552.
As part of our response, the University has also notified the Office of the Australian Information Commissioner and continues to work with the relevant authorities in response to this incident, including the Australian Cyber Security Centre, the National Office of Cyber Security and other government and statutory entities.
We recommend all our community remain aware of the potential risk of scams and provide the following general cyber safety guidance.
Cyber safety guidance
Phishing Emails
- Remain vigilant against the risk of phishing emails and scams.
- Do not share your personal information with anyone unless you are confident about who you are sharing it with.
- Scam calls can appear to come from legitimate local numbers, claiming to be from reputable organisations and creating urgency to obtain sensitive information or funds.
- Phishing emails can also appear to come from legitimate email addresses, with minor variations – so always carefully check the email sender address.
Website Guidance
- When on a webpage asking for your login credentials, take note of the web address or URL ('Uniform Resource Locator'). The URL is located in the address bar of your web browser and typically starts with [https:]https://.
- If you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Please note that we will never contact you to ask for your username or password or your payment details.
Security
- Ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts.