Western Sydney University hacked but no ransom demands


Western Sydney University has notified “approximately 7,500 individuals” that have been impacted by an intrusion into its IT network.

In a statement, the university reported, “The intrusion was identified by the University in January 2024 and quickly shut down. The University has been investigating the impact of the unauthorised access and investing in additional remediation measures.”

Since January 2024, the University has been investigating and identified that the earliest known unauthorised access to the University’s Microsoft Office 365 environment was on 17 May 2023 and included access to some email accounts and SharePoint files. There were also indications that the University’s Solar Car Laboratory infrastructure may have been used as part of the incident.

The University reported, “Monitoring and scanning indicates that the preventative measures taken as a part of the incident response have successfully prevented any further unauthorised access.

The University is working with a range of authorities, including NSW Police whose investigation is ongoing. The University has also been in ongoing contact with the NSW Information and Privacy Commission.

Overall, approximately 7,500 individuals have received notifications either by telephone call, email, or both.”

The University confirmed that there have been no threats received to disclose any of the private information which was accessed, and the University has not received any demands in exchange for maintaining privacy. The University has sought and been granted an injunction from the NSW Supreme Court to prevent access, use, transmission and publication of any data that was the subject of the incident.