Students at the college training mid-career security and intelligence officials were among those hit in a cyber theft targeting the Australian National University and suspected of being orchestrated by China.
Subscribe now for unlimited access.
or signup to continue reading
Intelligence officials fear the large volume of personal details taken from the ANU, including 19 years' worth of data such as tax file and banking numbers, could be used to "groom" students as informants before they enter the public service.
The university confirmed on Wednesday the breach affected all its students and staff, including at the National Security College which trains intelligence, defence and security officials. However, it is understood the school holds no classified information.
Senior intelligence figures have been alarmed by the scale of the breach and the possible motivations behind it, and there are fears the data will be used to target students with the aim of making them informants as they move up through government agencies.
The public service also employs ANU alumni among all its ranks, including at the Defence Department and intelligence agencies. Intelligence officials fear the stolen data could be used to build profiles of existing public servants.
Federal government officials working in national intelligence, defence and security enrol at the National Security College, which runs intensive courses and postgraduate programs for public servants aiming to move into the senior ranks of their agencies.
Australian officials regard the hack, detected by the ANU in May and conducted late last year, as a major national event following breaches of Federal Parliament's computer network and the Liberal, Labor and National parties in 2018.
Authorities say the ANU attack - the second on the university in a year - was "sophisticated", indicating it was almost certainly a foreign government rather than a criminal group or politically motivated hackers.
READ MORE
While it is understood there is no clear evidence yet that Beijing is behind the attack, sources said China was one of only a handful of countries able to carry out such a breach while remaining undetected.
The university is also home to the School of Strategic and Defence Studies and the Crawford School of Public Policy, each with deep links to the Australian Public Service.
Intelligence officials are understood to hold a range of concerns about how the data could be exploited, including using it to build profiles of existing government officials based on their backgrounds.
Associate professor at RMIT's School of Engineering Mark Gregory believes the ANU should have managed its databases better.
"In this particular case it looks like the university has linked databases in a way that means that access into one database has given the hacker access to information that should have been partitioned in a more robust way," he said.
"The problem is that access to data can often lead to more data and you then have this cascading problem that you end up with where a hacker has gained access to more than would be considered reasonable."
Rachel Bahl at the National Tertiary Education Union said she had already been contacted by staff concerned about the hack and had since requested a meeting with the university.
- With Sally Whyte and Sherryn Groch.
