So, after reading the email, am I compromised?

[ChrisGreaves]

An email purporting to come from The University of Western Australia (1964-67 and 73-74) tells me that security is breached.

I am not particularly worried, but am puzzled for two reasons:-

(1) If security is breached, how can I be sure that the email is not a phishing scam? The email address is "alumnirelations@uwa.edu.au", but then most people that get sucked in are fooled by an apparently benign email address.

(2) The text body includes the following text:-
The data that has been accessed is student information held in Callista and not other current information held in other UWA systems, including our alumni database. It includes names, student IDs and images, date of birth and contact details as well as course details and unit grades of current and former students. No credit card details, tax file numbers, bank information or medical records are included in Callista.

My logic applies the "not" operator to "including our alumni database", thus The data that has been accessed is not ... including our alumni database
Not including our database.
But I am thrown by that comma, and could interpret the text as The data that has been accessed is student information ... including our alumni database.

I had expected the vice-chancellor to have either a better command of logic, or at least a friend in the IT department.
(signed) "Curious" of Bonavista.

[HansV]

Did you hover the mouse pointer over the sender address to check the 'real' sender address? If it is what you reported, it appears to be OK: the URL of the University of Western Australia is https://www.uwa.edu.au.

The comma looks like a mistake, but ...

[StuartR]

My goodness, that comma is doing a lot of work. I think that either reading of that email is valid.

[ChrisGreaves]

Did you hover the mouse pointer over the sender address to check the 'real' sender address? If it is what you reported, it appears to be OK: the URL of the University of Western Australia is https://www.uwa.edu.au.

The comma looks like a mistake, but ...

Thank you, Hans.
Hovering over the address does nothing for me (Thunderbird 91.11.0 64-bit), but yes, the url is valid according to my other data.

Of course, paranoid-me says "What if some brilliant IT student has managed to create themselves a fake address within the UniWA's URL?"

It was the effect of that comma on my brain that triggered my puzzlement.
Cheers, Chris

[ChrisGreaves]

My goodness, that comma is doing a lot of work. I think that either reading of that email is valid.

Thank you, Stuart.
If you want the job of vice-chancellor of Uni WA I will be happy to write a character reference ...
Cheers, Chris