Western Sydney College (WSU) introduced two safety incidents that uncovered private data belonging to members of its group.
WSU is a outstanding Australian establishment providing varied undergraduate, postgraduate, and analysis packages throughout a number of disciplines.
It serves a pupil physique of 47,000 and employs over 4,500 everlasting and seasonal employees, working with an annual price range of roughly $600 million.
One of many incidents disclosed issues the compromise of one of many College’s single sign-on (SSO) techniques between January and February 2025.
This breach has reportedly led to the unauthorized entry of demographic, enrollment, and development data for about 10,000 present and former college students.
The college states that it took fast motion to dam the attacker as soon as it turned conscious of the breach, and investigations into the incident are ongoing.
The second cybersecurity incident issues a leak on the darkish internet of non-public data belonging to members of the College’s group.
Though that hackers printed the information on November 1, 2024, WSU solely turned conscious of it this 12 months on March 24.
The attacker’s wording within the submit is imprecise, however the college’s announcement mentions that it “broadly displays the identical kinds of private data outlined in earlier cyber notifications.”
Between the safety incidents, the tutorial institute suffered one other information breach in Could 2023, which it found and disclosed it a 12 months later, informing its group that hackers had accessed its Microsoft Workplace 365 surroundings, together with e mail accounts and SharePoint information.
That incident was later estimated to have impacted 7,500 people, exposing names, contact particulars, dates of delivery, well being data, authorities ID numbers, and checking account data.
The investigation revealed that the hackers maintained entry to WSU’s networks between July 9, 2023, and March 16, 2024, acquiring entry to 580 terabytes of knowledge.
It’s unclear if the submit printed on the darkish internet in November 2024 incorporates data stolen throughout that incident, or if it issues a separate case altogether.
BleepingComputer has contacted WSU to ask for clarifications on that matter, however we’re nonetheless ready for his or her response.
Given the state of affairs with repeated breaches and delicate information leaked on-line, Vice-Chancellor and President George Williams issued an apology.
“The College could be very conscious of the private impression these incidents are having on its college students, employees, and wider group,” Williams said.
“On behalf of the College, I apologize to our group. Our groups are working exhausting to reply and strengthen our digital surroundings.”
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and learn how to defend in opposition to them.
