Western Sydney College (WSU) introduced two safety incidents that uncovered private info belonging to members of its group.
WSU is a distinguished Australian establishment providing varied undergraduate, postgraduate, and analysis applications throughout a number of disciplines.
It serves a scholar physique of 47,000 and employs over 4,500 everlasting and seasonal employees, working with an annual price range of roughly $600 million.
One of many incidents disclosed considerations the compromise of one of many College’s single sign-on (SSO) methods between January and February 2025.
This breach has reportedly led to the unauthorized entry of demographic, enrollment, and development info for roughly 10,000 present and former college students.
The college states that it took instant motion to dam the attacker as soon as it turned conscious of the breach, and investigations into the incident are ongoing.
The second cybersecurity incident considerations a leak on the darkish internet of non-public info belonging to members of the College’s group.
Though that hackers printed the info on November 1, 2024, WSU solely turned conscious of it this yr on March 24.
The attacker’s wording within the submit is imprecise, however the college’s announcement mentions that it “broadly displays the identical kinds of private info outlined in earlier cyber notifications.”
Between the safety incidents, the academic institute suffered one other information breach in Could 2023, which it found and disclosed it a yr later, informing its group that hackers had accessed its Microsoft Workplace 365 setting, together with e mail accounts and SharePoint information.
That incident was later estimated to have impacted 7,500 people, exposing names, contact particulars, dates of delivery, well being info, authorities ID numbers, and checking account info.
The investigation revealed that the hackers maintained entry to WSU’s networks between July 9, 2023, and March 16, 2024, acquiring entry to 580 terabytes of information.
It’s unclear if the submit printed on the darkish internet in November 2024 comprises info stolen throughout that incident, or if it considerations a separate case altogether.
BleepingComputer has contacted WSU to ask for clarifications on that subject, however we’re nonetheless ready for his or her response.
Given the state of affairs with repeated breaches and delicate information leaked on-line, Vice-Chancellor and President George Williams issued an apology.
“The College may be very conscious of the private impression these incidents are having on its college students, employees, and wider group,” Williams acknowledged.
“On behalf of the College, I apologize to our group. Our groups are working laborious to reply and strengthen our digital setting.”
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and the way to defend towards them.
