Western Sydney College discloses security breaches, information leak

Western Sydney College (WSU) introduced two security incidents that uncovered private info belonging to members of its neighborhood.

WSU is a outstanding Australian establishment providing numerous undergraduate, postgraduate, and analysis applications throughout a number of disciplines.

It serves a scholar physique of 47,000 and employs over 4,500 everlasting and seasonal workers, working with an annual funds of roughly $600 million.

One of many incidents disclosed issues the compromise of one of many College’s single sign-on (SSO) methods between January and February 2025.

This breach has reportedly led to the unauthorized entry of demographic, enrollment, and development info for roughly 10,000 present and former college students.

The college states that it took rapid motion to dam the attacker as soon as it turned conscious of the breach, and investigations into the incident are ongoing.

The second cybersecurity incident issues a leak on the darkish net of non-public info belonging to members of the College’s neighborhood.

Though that hackers revealed the information on November 1, 2024, WSU solely turned conscious of it this yr on March 24.

The attacker’s wording within the submit is obscure, however the college’s announcement mentions that it “broadly displays the identical sorts of private info outlined in earlier cyber notifications.”

Between the security incidents, the tutorial institute suffered one other data breach in Could 2023, which it found and disclosed it a yr later, informing its neighborhood that hackers had accessed its Microsoft Workplace 365 atmosphere, together with e-mail accounts and SharePoint information.

That incident was later estimated to have impacted 7,500 people, exposing names, contact particulars, dates of start, well being info, authorities ID numbers, and checking account info.

The investigation revealed that the hackers maintained entry to WSU’s networks between July 9, 2023, and March 16, 2024, acquiring entry to 580 terabytes of knowledge.

It’s unclear if the submit revealed on the darkish net in November 2024 comprises info stolen throughout that incident, or if it issues a separate case altogether.

BleepingComputer has contacted WSU to ask for clarifications on that matter, however we’re nonetheless ready for his or her response.

Given the state of affairs with repeated breaches and delicate information leaked on-line, Vice-Chancellor and President George Williams issued an apology.

“The College may be very conscious of the private influence these incidents are having on its college students, workers, and wider neighborhood,” Williams acknowledged.

“On behalf of the College, I apologize to our neighborhood. Our groups are working exhausting to reply and strengthen our digital atmosphere.”