The Australian National University (ANU) said it detected the breach two weeks ago and is working with security agencies to investigate further.
In a statement, Vice Chancellor Brian Schmidt said, "We believe there was unauthorized access to significant amounts of personal staff, student and visitor data extending back 19 years. Depending on the information you have provided to the University, this may include names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details and passport details. Student academic records were also accessed. "
The systems that store credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers, and some performance records have not been affected, he said. "We have no evidence that research work has been affected."
ANU has taken immediate precautions to further strengthen IT security and is working to reduce the risk of future intrusion, including The Chief Information Security Officer, who will be issuing advice shortly on measures that can be taken to better protect systems.
This is not the first time ANU has been targeted. Last year, they had an incident and put in place many upgrades to their systems.
"We must always remain vigilant, alert and continue to improve and invest in our IT security," said the Vice Chancellor.