What happened in the recent data breach at Western Sydney University (WSU)?

Western Sydney University (WSU) reported its third data breach in 2024, where an IT account was compromised, granting the attacker access to WSU’s Student Management System and data warehouse from August 14 to August 31. This breach exposed extensive student personal and enrollment data.

What types of student data were exposed in the August 2024 breach at WSU?

The data exposed includes student names, addresses, university-issued email addresses, student ID numbers, tuition and deferred fee information, admission and enrollment details, subject data and results, and demographic information such as nationality, Indigenous status, citizenship, gender, and date of birth.

Which systems were compromised in the August 2024 WSU data breach?

The attacker gained access to WSU’s data warehouse and the Ellucian-provided Student Management System, which contain comprehensive student records from recruitment to graduation. Additionally, the breach provided access to other internal systems, including student engagement, HR, and financial systems.

How many individuals were affected by the August 2024 WSU data breach?

WSU has not disclosed the number of individuals affected by the August 2024 data breach.

What were the previous data breaches reported by WSU in 2024?

WSU reported two prior breaches in 2024. In May, attackers accessed WSU's Microsoft Office 365 environment, exposing data for about 7,500 individuals. In July, attackers infiltrated WSU’s Isilon storage platform, accessing 83 directories and compromising approximately 580 terabytes of data.

How long did the unauthorized access last in the August 2024 WSU breach?

The unauthorized access lasted from August 14, 2024, until it was severed on August 31, 2024.

Incident

Western Sydney University (WSU) reports third data breach in 2024

Q: Which authorities are involved in the investigation of WSU’s August 2024 data breach?

WSU is collaborating with cybersecurity experts and Australian authorities, including the Australian Federal Police, the Australian Cyber Security Centre, the NSW Information and Privacy Commission, and the NSW Police Force Cybercrime Squad.

published: Nov. 4, 2024

Learn More

Western Sydney University (WSU) reportsits third data breach in 2024, revealing that on August 14, a threat actor compromised an IT account to access the university’s Student Management System and data warehouse. The unauthorized access persisted until it was severed on August 31 and exposed extensive personal and enrollment data for students.

According to WSU, the attacker gained access to multiple backend systems, including the data warehouse and the Ellucian-provided Student Management System, which stores comprehensive student data from recruitment through graduation. The exposed data includes:

Names and addresses
University-issued email addresses
Student identification numbers
Tuition and deferred fee information (HELP/HECS)
Admission, enrollment, and progression details (including subject data and results)
Demographic data (such as nationality, Indigenous status, country of birth, citizenship status, gender, and date of birth)

No details are disclosed about the number of affected individuals.

The data warehouse breach gave the attacker access to data from various internal systems, including those supporting student engagement, human resources, and financial records, which are essential to daily university operations.

The university is collaborating with cybersecurity experts and Australian authorities, including the Australian Federal Police, the Australian Cyber Security Centre, and the NSW Information and Privacy Commission. The NSW Police Force Cybercrime Squad is also actively investigating the incident.

This incident follows two other breaches reported by WSU earlier in the year:

May 2024 Breach: Threat actors accessed WSU’s Microsoft Office 365 environment, compromising email and SharePoint files linked to approximately 7,500 individuals. The breach spanned from May 2023 to January 2024, and WSU reported that infrastructure from its Solar Car Laboratory may have been used in this attack.
July 2024 Breach: Attackers infiltrated WSU’s Isilon storage platform, accessing personal data in 83 directories out of 400. This breach exposed an estimated 580 terabytes of data, with unauthorized access lasting from July 2023 until March 16, 2024.

Western Sydney University (WSU) reports third data breach in 2024

Read More
Cyberattack Disrupts Dresden State Art Collections Digital Infrastructure
Virginia Tech reports data breach, exposed data of …
Roku reports second data breach, this time exposing …
Northern Ireland School IT System C2K Hit by …
Edmonds School District reports data breach exposing 91k …