QUT said 11,405 individuals had their data breached in a December cyber attack, higher than initial estimates of around 2500 individuals.
In a revised statement, the university said the breach affected 2492 current staff and 8846 former staff.
It also impacted a small number of students – 17 current students, and 50 former students.
Data that may have been breached included bank account numbers, and for 3820 individuals, their tax file numbers.
Those affected are being contacted so that the university can provide them with ID protection services, expert counselling, and there’s a dedicated staff help line.
The university said all those affected have now been contacted.
According to the ABC, the cause is a ransomware attack. The university has linked the attack to the Royal ransomware variant.
The attack led QUT to take its Blackboard teaching system offline, along with various staff systems including its Cisco-based remote access network, network storage, and printers.
“The first phase of the response involved adding security measures including all students and staff resetting passwords, introduction of additional verification steps for those working and studying remotely, and careful restoration of affected systems after eliminating the offending ransomware,” the university said.
“We have also implemented additional expert monitoring and validation mechanisms.
“At every stage of our response we have been in regular communication with staff and students and all relevant Queensland and federal authorities.”