Malware
Catastrophic Data Breach at Western Sydney University Unveils Confidential Student Information
Discover a data breach that exposed sensitive information of Western Sydney University students. Learn how the breach occurred and the steps taken by the university to address the issue, ensuring the protection of its student’s data. Stay informed about cybersecurity threats and the importance of safeguarding personal information.
Recently, Western Sydney University (WSU) informed students and staff about a data breach that occurred when hackers made their way into the university’s Microsoft 365 and SharePoint environment. As an educational institution in Australia with a wide range of undergraduate, postgraduate, and research programs, WSU has a large user base with 47,000 students and over 4,500 regular and seasonal staff, all operating under a $600 million (USD) budget.
What happened during the breach?
In a public statement, WSU revealed that unauthorized access to their Microsoft Office 365 environment, which included email accounts and SharePoint files, was first detected on May 17, 2023. Further investigations indicated that the university’s Solar Car Laboratory infrastructure may have been used as part of the incident.
The type of data exposed depends on the content of individual email communications and documents stored in the SharePoint environment. This breach was only discovered in January 2024, and since then, WSU’s IT team has shut down the unauthorized access and launched an internal investigation. They’ve also enlisted the help of specialists from the NSW Police, CrowdStrike, and CyberCX.
How many people were affected?
So far, the investigation has confirmed the impact on approximately 7,500 individuals, who will soon receive personalized notices via email and phone. However, this number may change as investigations are still ongoing. WSU has not provided many details about the nature of the security incident, but it does not appear to involve system encryption or extortion based on threats to leak stolen data.
It’s important to note that there have been no threats received by the university to disclose any of the private information that was accessed, and WSU has not received any demands in exchange for maintaining privacy.
What’s the impact on WSU’s operations?
Fortunately, the university’s core operations have not been significantly impacted. Thus, the incident is not expected to disrupt classes, exams, registrations, or research programs. WSU has evaluated the security measures introduced post-compromise as adequate to prevent the re-occurrence of similar incidents.
Moreover, the university has been granted an injunction from the NSW Supreme Court to prevent the dissemination of any data that was accessed or stolen during the attack. While threat actors do not usually care about court injunctions, it’s likely that this measure was also used to prevent the media or others from publishing any stolen data they receive.
Who’s responsible for the attack?
At this time, no ransomware or extortion groups have claimed responsibility for the attack on WSU, so the perpetrators remain unknown. Impacted students and personnel can get support through a dedicated phone line and monitor this page for updates. Additionally, Australia’s national identity and cyber support service, IDCARE, is also engaged.
Stay informed and protect yourself
This incident serves as a reminder of the importance of staying informed and taking the necessary precautions to protect your personal information. We encourage you to reach out to our team at IT Services for guidance and education on cybersecurity best practices. Together, we can help ensure your online safety and prevent future incidents like this from happening.