Concerns over the University of Sydney’s data management have been raised after a database of UniKeys was found to be openly accessible to students.
Until last Friday, the University’s Services Portal provided access to a searchable list of UniKeys indexed to their owners. This includes those of undergraduates, postgraduates, recent graduates, professional and teaching staff, and management.
While not sensitive information in itself, a UniKey is a unique identifier which could expose individuals to identity theft and unauthorised access to personal data.
“It’s pretty easy to manipulate,” one student said. “If someone gets access to someone’s University account, they can do things like email spoofing or access bank account details, HECS debt, and other personal information.”
For more information, Click here.