Western Sydney University (WSU) has confirmed a data breach affecting over 7,500 students and staff. The unauthorized access was first identified in January 2024, though the earliest known access dates back to May 2023 via WSU’s Microsoft Office 365. Intruders accessed SharePoint files and emails, and the Solar Car Laboratory may have been involved in the incident. The university quickly shut down the network and launched an investigation.
WSU detected unusual activity on January 8, 2024, through a compromised global administrator account, which was promptly disabled. No threats or demands have been received by the university regarding the exposed private information. WSU has informed the impacted individuals and is cooperating with NSW Police and the NSW Information and Privacy Commission as the investigation continues.
Interim Vice-Chancellor Professor Clare Pollock issued an apology to those affected by the cyber breach, expressing regret and committing to rectifying the situation transparently. WSU has established a dedicated phone line and website to support the affected community and address any concerns.
The university’s swift response included disabling the compromised account and implementing measures to prevent further breaches. The ongoing investigation aims to understand the extent of the breach and ensure the security of the university’s IT network. WSU is dedicated to supporting its community through this challenging time.