Western Sydney University (WSU) in Australia disclosed two security incidents exposing personal information of its community. The incidents affected around 10,000 students, both current and former, and involve breaches that occurred in 2025 and 2024. WSU, a major Australian educational institution with over 47,000 students, took immediate action when the breaches were detected. The first breach, affecting a single sign-on system, was discovered between January and February 2025 and involved demographic and enrollment data.
The second incident, involving a data leak on the dark web, was discovered by WSU in March 2025, though the data was posted in November 2024. While details of the leak are unclear, it’s believed to be similar to information stolen in previous breaches. WSU experienced another significant breach in May 2023, where hackers accessed sensitive data such as contact details, health information, and financial data from email and SharePoint accounts. The breach lasted several months, with hackers maintaining access from July 2023 until March 2024.
The stolen data is being reviewed, but it is uncertain whether the dark web leak relates to the May 2023 breach or a separate event.
In addition to the investigation, WSU is working on strengthening its digital security systems to prevent future breaches. Vice-Chancellor and President George Williams acknowledged the ongoing impact on students and staff, apologizing for the disruption.
He emphasized that WSU is committed to improving its cybersecurity efforts and protecting its community’s personal information.
As investigations into both security incidents continue, the university remains focused on mitigating further risks. The breaches have raised concerns regarding the security of personal and academic data within academic institutions. WSU’s team is actively responding to the situation and working with external cybersecurity experts to assess the full scope of the incidents. The university has promised to provide further updates to the affected community once more information is available.
Reference:
