An investigation has found the University of Sydney failed in its obligations by not securing students’ private details on its website.
A section of the university’s website was shut down in January after it was found sensitive information could be obtained by entering a student’s identification number.
No password was required to access the name and address of the student, along with the subjects they were enrolled in and the fees they owed the university.
The Acting New South Wales Privacy Commissioner, John McAteer, has found the university breached the Privacy Act by failing to have reasonable safeguards to protect the data.
The university admitted a software update removed a security patch added after a similar incident four years ago.
Read more on ABC (AU). And no, there are no real consequences to the university because, by golly, they responded quickly once they learned of the problem. Grrrr.