Western Sydney University in Australia recently disclosed a significant cyber incident in which a threat actor gained unauthorized access to sensitive data. The breach occurred on August 14, 2024, when the attacker exploited an IT account, allowing them to access and exfiltrate information from the university’s Student Management System and other back-end data storage systems. It was not until August 27 that the breach was detected, and by August 31, the university managed to contain the access. The investigation revealed that the compromised data included a wide range of personal information such as names, addresses, university-issued email addresses, student identification numbers, tuition fee information, and demographic details including nationality and citizenship status.
The university has indicated that the methods used by the threat actor were sophisticated, suggesting that the attack was specifically targeted at its systems. In response to the incident, Western Sydney University is implementing a range of enhanced cybersecurity measures. These measures include the introduction of new firewall protections, rolling out password resets for affected users, increasing the capacity of its cyber team, and implementing 24/7 monitoring and improved detection systems. During this upgrade period, the university has warned that its IT network may experience disruptions, emphasizing the need for robust security in the wake of the attack.
To protect the integrity of its data and the privacy of its students, Western Sydney University is working closely with various authorities, including the National Office of Cyber Security and the Australian Federal Police. The institution has also sought an interim injunction from the New South Wales Supreme Court to prevent the access, use, transmission, and publication of any exfiltrated data from this incident and other breaches that occurred earlier in the year. The university is taking these legal measures as part of its effort to safeguard the information of its community and prevent further unauthorized disclosures.
This cyber incident is not the first the university has faced this year. In May, the institution revealed a separate intrusion into its Microsoft Office 365 environment, which was quickly contained, although investigations showed that access had occurred earlier in May, impacting approximately 7,500 students. Following these incidents, the university has committed to ongoing investigations and has invested in additional remediation measures to strengthen its cybersecurity posture. Monitoring efforts suggest that the recent enhancements have successfully prevented further unauthorized access, but the university remains vigilant in its efforts to protect its digital infrastructure.
Reference: