Universities across Australia have launched investigations after a controversial online exam tool was hacked and the personal records of students were stolen and leaked on the internet.
ProctorU is an online tool that allows students to be remotely supervised while taking exams at home during the coronavirus crisis.
The University of Queensland student union in late April raised concerns about personal data being gathered by the ProctorU software, as well as students being filmed at home.
Now, personal records of 444,000 ProctorU users have reportedly been obtained in a data breach and leaked online in hacker forums.
It is not known how many Australian students or university staff were impacted by the breach, but the University of Melbourne, the University of Sydney and Swinburne University have all confirmed they are now investigating.
ProctorU's privacy policy states that it "does not use any test-taker's personal information for any purpose other than for facilitating the proctoring of online exams".
"We never sell personal information to third parties," the policy reads.
However, ProctorU's privacy policy also acknowledges that data may be transfered to a third party in the "event of a bankruptcy, merger, acquisition, reorganization, or similar transaction".
A spokesperson for the University of Sydney said the hack was "deeply concerning".
The university met with ProctorU's chief executive and compliance officer on Thursday to discuss the "breach of confidential data relating to users of their service".
"We understand the data relates to people who were registered as users of ProctorU’s services on or before 2014. We don’t believe our current students are directly impacted by this breach as we began using ProctorU’s online proctoring services in 2020, in response to the COVID19 pandemic.
"Any breach of security and privacy of this type is of course deeply concerning and we will continue to work with ProctorU to understand the circumstances of the breach and determine whether any follow-up actions are required on our part."
A University of Melbourne spokesperson characterised the hack as a "cyber-security issue", while Swinburne University said it was investigating a "data breach from a third-party provider".
"At this stage, we understand that only a small number of Swinburne Online students have been impacted, and have commenced our own independent investigation," a Swinburne spokesperson said.
“Swinburne Online is proactively contacting the student community to inform them of the breach and advising them to update their security details. The safety, wellbeing and privacy of Swinburne students and staff is our priority and we will continue to inform our community of any updates to this situation."
Some 4,000 University of Queensland students signed a petition in late April calling on the university to bin the ProctorU software.
The University of Queensland said it has not been affected by the hack. UNSW, which uses the software, said no UNSW student records were included in the hacked database.
ProctorU has been contacted for comment.
