The personal data of staff, students and visitors to the Australian National University dating back almost 20 years has been accessed by hackers.
The university's systems were accessed in late 2018, but the institution only realised the breach two weeks ago.
"We believe there was unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years," Vice-Chancellor Brian Schmidt said on Tuesday.
Information that has been accessed includes some names, addresses, dates of birth, phone numbers, personal emails, tax file numbers, bank account details, passport details and student academic records.
The hacking did not affect credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers and some performance records stored by the university.
Shadow treasurer Jim Chalmers, a former student of the ANU, said the breach was very concerning.
"It appears to be quite a serious hack," he told reporters in Brisbane.
"No doubt more details will be discovered as the police go about their work, and we'll wait to see the conclusions of that investigation."
Another former ANU student and academic, Labor MP Andrew Leigh, said such attacks were unfortunately becoming a fact of life, following attacks on the Bureau of Meteorology and Parliament House's computer network.
"This is the new reality we live in," he told AAP.
The Australian Cyber Security Centre is working with the university to secure networks, protect users and investigate the extent of the breach.
It believes the attack was the work of a "sophisticated actor".
"This compromise is a salient reminder that the cyber threat is real and that the methods used by malicious actors are constantly evolving," a spokesperson told AAP.
"Proper and accurate attribution of a cyber incident takes time and any attribution would be done in a measured fashion.
"Unfortunately, a malicious actor with sufficient capability, time and resources will almost always be able to compromise an internet-connected computer network."
The hack is the second ANU has suffered within a year, with the institution confirming in July last year it was working to "contain a threat to IT within the university".
No staff, student or research information was taken on that occasion, the university said at the time.
System upgrades that ANU undertook after that incident had allowed it to detect the latest incident, Professor Schmidt said.
"We must always remain vigilant, alert and continue to improve and invest in our IT security."
The university has set up a confidential direct help line - 1800 275 268 - for anyone seeking more information or with particular concerns.
"I know this will cause distress to many in our community and we have put in place services to provide advice and support," Professor Schmidt said.
The university's chief information security offer has also issued a range of advice, including resetting passwords and being cautious about opening some emails.
Australian Associated Press