Western Sydney University involved in cyber incident

Western Sydney University's Kingswood campus. Photo: Megan Dunn.
Share this story

More than 7,000 people have been impacted by a major cyber breach at Western Sydney University.

The University (WSU) has notified individuals impacted by unauthorised access to its IT network earlier this year.

The intrusion was identified by in January 2024 and quickly shut down, and an investigation commenced and remediation measures were implemented.

“Since January 2024, the University undertook its due diligence to understand the nature, scope and scale of the incident, the number of individuals impacted, and to protect against further harm. This was also done in accordance with the University’s legal obligations,” WSU said in a statement today.

“The investigation has indicated that the earliest known unauthorised access to the University’s Microsoft Office 365 environment was on 17 May 2023 and included access to some email accounts and SharePoint files.”

Investigations also indicate that the University’s Solar Car Laboratory infrastructure may have been used as part of the incident.

“Monitoring and scanning indicates that the preventative measures taken as a part of the incident response have successfully prevented any further unauthorised access,” the statement said.

“The University is working with a range of authorities, including NSW Police whose investigation is ongoing. The University has also been in ongoing contact and working closely with the NSW Information and Privacy Commission.

“We are now in a position to notify impacted individuals. Overall, approximately 7,500 individuals have received notifications from today. If you are among those affected being contacted today, you will have received an official notification from the University either by telephone call, email, or both.

“The University is continuing to investigate the incident and if further persons are affected by the unauthorised access to the University IT network, they will be notified.”

WSU has received no threats or demands in relation to private information that was accessed.

“In order to protect University staff, students and stakeholders, the University has sought and been granted an injunction from the NSW Supreme Court to prevent access, use, transmission and publication of any data that was the subject of the incident,” the statement said.

Interim Vice-Chancellor, Professor Clare Pollock, said: “On behalf of the University, I unreservedly apologise for this incident and its impact on our community. It is deeply regrettable, and we are committed to transparently rectifying the matter and fulfilling our obligations. We appreciate that this may be upsetting, and we are here to support you as we work through this together. We have established a dedicated phone line and website to answer any questions you might have.”

Support services:

• Phone: 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST)
• Website: http://www.westernsydney.edu.au/cyberincident

Troy Dodds

Troy Dodds is the Weekender's Managing Editor and Breaking News Reporter. He has more than 20 years experience as a journalist, working with some of Australia's leading media organisations. In 2023, he was named Editor of the Year at the Mumbrella Publish Awards.

Share this story