Details of thousands of University of Sydney students past and present are being stored online where they can be easily downloaded and read via an internet connection. Details openly available on the university site include a student’s full name, residential address, email address, which courses he/she studied and how much the course cost. It is understood the university was told about this security threat in February 2007, but did not move to secure the information. NSW acting privacy commissioner John McAteer said he would investigate the matter if it was formally reported to him.
Source: https://thehackernews.com/2011/01/university-of-sydney-failed-to-secure.html