Some 22,300 purported student and staff records held by the Australian Defence Force Academy were stolen and published online last month. A member of the Anonymous group, known as Darwinaire, is claiming responsibility for the theft.
The systems were compromised in November, with UNSW notifying staff and students within a day, but has only now come to light. Among the victims are hundreds of senior officers in the army, navy and air force, as well as military personnel from other nations who are enrolled at the academy.
Hacker express the lack of security as ''I know, right, very surprised I didn't get kicked out. So simple, took like three minutes,''.
The University of Canberra in which the ADFA resides had warned students of possible phishing attacks but said the compromised passwords were mostly redundant.
Darwinare, who describes himself as ''black hacker'', has previously breached the networks of online bookstore Amazon and at least two American universities.
A spokesperson for the Department of Defence said UNSW had taken "steps to mitigate the impact of the data breach and reduce the possibility of further data breaches.".
"The university also worked with Defence to ensure former military students and staff were made aware of the breach," the spokesperson said.