Western Sydney University reports two more security breaches and data leak

Western Sydney University (WSU) has disclosed two security incidents that have compromised personal information belonging to members of its community. 

The university, serves approximately 47,000 students and employs over 4,500 permanent and seasonal staff.

The first incident involves the compromise of one of the University's single sign-on (SSO) systems between January and February 2025. This breach resulted in unauthorized access to sensitive information for approximately 10,000 current and former students. The exposed data included:

• Demographic information
• Enrollment details
• Academic progression records

The university stated that it blocked the attacker once the breach was detected, and investigations into the incident are still ongoing.

The second incident involves a data leak on the dark web containing personal information of university community members. Although the hackers published this data on November 1, 2024, WSU only discovered the breach on March 24, 2025, nearly five months later. The university noted that the exposed information "broadly reflects the same types of personal information outlined in previous cyber notifications,". No details about the attack or number of affected individuals were provided.

These incidents follow three previous breaches in 2024

Vice-Chancellor and President of the University George Williams issued an apology: "The University is very aware of the personal impact these incidents are having on its students, staff, and wider community. On behalf of the University, I apologize to our community. Our teams are working hard to respond and strengthen our digital environment."