An investigation is under way into a data breach that impacted an online examination tool used by educational establishments around the world.
The breach affected users of software made by American company ProctorU to provide live and automated online proctoring services for academic institutions and professional organizations.
According to Honi Soit, a database of 440,000 ProctorU user records was published by hacker group ShinyHunters over the past week along with hundreds of millions of other user records. ProctorU user data exposed includes usernames, unencrypted passwords, legal names, and full residential addresses.
Among the records are email addresses belonging to the University of Sydney, the University of New South Wales, the University of Melbourne, the University of Queensland, the University of Tasmania, James Cook University, Swinburne University of Technology, the University of Western Australia, Curtin University, and Adelaide University.
A spokesperson for the University of Sydney said that ProctorU had confirmed on Thursday that an investigation into the confidential data breach had been launched.
According to the spokesperson, the data exposed relates to ProctorU users who registered on or before 2014.
"We met with ProctorU’s CEO and compliance officer today, who confirmed they are investigating a breach of confidential data relating to users of their service," said the spokesperson.
"Any breach of security and privacy of this type is of course deeply concerning, and we will continue to work with ProctorU to understand the circumstances of the breach and determine whether any follow-up actions are required on our part."
The University of Sydney doesn't believe any current students are affected by the data breach, as the university only began using ProctorU's services in 2020 in response to the COVID-19 pandemic. However, after learning about the breach, the establishment will be "reviewing our experience of online exams and proctoring this year to inform our approach to assessments in 2021."
A spokesperson for Swinburne University of Technology in Victoria said that it has launched its own investigation into the breach, which has impacted a small number of its students.