The Web site of University of Sydney was sabotaged and altered by a cybercriminal, which caused the leak of confidential student information.
Names, residential address, e-mail addresses, details of enrolled courses and costs related to thousands of students have been reported to be leaked by the hacker, who identifies himself as Evil.
The security flaw in the site enables any person with knowledge of a student ID number to gain access to details of several students by altering the ID number in the URL of the page.
Security at the University has blocked access to the vulnerable part of the site after discovery of the leak. The office of the New South Wales Privacy Commissioner is also investigating the data breach incident.
Read more here.