Study with Us
Research
About Western
School of Computer, Data and Mathematical Sciences
School of Education
School of Engineering, Design and Built Environment
School of Health Sciences
School of Humanities and Communication Arts
School of Law
School of Medicine
School of Nursing and Midwifery
School of Psychology
School of Science
School of Social Sciences
On Tuesday 15 April 2025, Western Sydney University informed its community about unauthorised access gained through one of the University’s single sign-on (SSO) systems.
Approximately 10,000 individuals, primarily current and former students received individual notifications outlining the impact on them, details of the actions they can take and the support the University has made available.
The University has been subjected to targeted attacks on our network. We are very aware of the personal impact these incidents are having on our students, staff and community and will continue to work to support our people as we manage the incident.
The incident
On Saturday 8 February 2025, the University became aware of potential unauthorised access. Our teams mobilised immediately to investigate the incident and take necessary steps to remediate the network.
Investigations have been underway since then to determine the extent of the impact on our community. This involves complex and thorough analysis of the information, which is still underway. It has been undertaken while concurrently implementing protective measures and responding to sustained and targeted attacks.
Initial investigations have identified that the unauthorised access was gained through one of the University’s single sign-on (SSO) systems, which began on 28 January 2025. Single sign-on is an authentication method that allows users to sign in to multiple systems with one set of credentials.
The University’s internal and third-party cyber experts worked in real time to shut down access pathways used by the perpetrator. A number of protective actions were taken including enhancing security on accounts, password resets and deploying additional monitoring, detection and forensic tools.
Unauthorised access to University systems occurred between 28 January and 25 February 2025 through the single sign-on (SSO) service.
Individual notifications
Approximately 10,000 individuals whose data was accessed through the single sign-on (SSO) service between 28 January and 25 February 2025 have received direct notifications from the University.
Investigations into the incident are ongoing.
Support available
Impacted individuals have received an individual notification with advice on the steps they can take to protect themselves.
There are a range of resources available to support you, including:
- For support regarding any impact to your personal information: The University has engaged IDCARE, Australia’s national identity and cyber support service, to provide advice and support to you on an ongoing basis, free of charge. IDCARE can help you protect your personal information that has been impacted by this incident, and help you understand the impact if you have received a previous notification. Visit https://www.idcare.org/wsu-incident-response or call them on 1800 595 160 quoting reference number WESSYSSI25.
- University phone line: The University has a phone line to support enquiries about this notice. They will be able to direct you to the appropriate supports available. Phone: 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST)
- ReportCyber: If you believe your information has been misused as a result of this incident, report this at https://www.cyber.gov.au.
- Information and Privacy Commission NSW: The IPC has a range of useful resources and support available on their website at https://www.ipc.nsw.gov.au/privacy/resources-citizens/data-breach-support
Actions taken by the University
When the University became aware of the unauthorised access, our internal and third-party cyber experts immediately began working to shut down known avenues of access in real time. The protective actions taken included enhancing security on accounts, password resets and deploying additional monitoring, detection and forensic tools.
Over the past year, the University has invested in a significant program to uplift our cyber capabilities. This includes implementing new technologies that enhance our ability to detect, respond to and defend against threats to our digital environment.
The University continues to work with cyber security experts and relevant authorities including the National Office of Cyber Security, Australian Federal Police, the Australian Signals Directorate’s Australian Cyber Security Centre, and the NSW Information and Privacy Commission (IPC).
The NSW Police Force’s Cybercrime Squad is also conducting an active investigation under Strike Force Pardey 2025 (E85649285).
Staying vigilant
The higher education sector is increasingly the subject of targeted cyber attacks, and the University is not immune to this.
Please remain vigilant to any signs of misuse of your information and act on any notifications you receive.
Frequently Asked Questions
On Saturday 8 February 2025, the University became aware of unauthorised access gained through one of the University’s single sign-on (SSO) systems.
Initial investigations have identified that the unauthorised access was gained through one of the University’s SSO systems, which began on 28 January 2025, and did impact members of the University community.
On Tuesday 15 April 2025 the University notified approximately 10,000 individuals whose data was accessed through the SSO service between 28 January and 25 February 2025.
On Thursday 10 April 2025, Western Sydney University updated its community on two cyber matters it is currently responding to. Today’s individual notifications expand on that update.
- The first advised the community of recent unauthorised access gained through one of the University’s single sign-on (SSO) systems. This is the incident that the individual notifications sent on Tuesday 15 April 2025 relate to.
- The second was to advise the community that the University had become aware of a post on the dark web referring to personal information belonging to the University community.
Investigations into both matters continue.
Single sign-on (SSO) is an authentication method that allows users to securely access multiple systems or applications using one set of login credentials (such as a username and password). It is a widely used technology that streamlines access by reducing the number of times users need to log in.
When the University became aware of the unauthorised access, our internal and third-party cyber experts immediately began working to shut down known avenues of access in real time.
A number of protective actions were taken including enhancing security on accounts, password resets and deploying additional monitoring, detection and forensic tools.
Over the past year, the University has invested in a significant program to uplift our cyber capabilities. This includes implementing new technologies that enhance our ability to detect, respond to and defend against threats to our digital environment.
The University has clear and established processes to follow, and our cyber experts worked quickly and in real time to shut down avenues of access to remediate the network. This critical work had no material impact on the University’s operations.
Investigations into the incident are ongoing, and the University continues to engage with the relevant authorities.
The University issued notifications to 10,000 impacted individuals on Tuesday 15 April 2025. Where the University had mobile phone details for these individuals, they also received a text message directing them to check their personal or student email account.
Investigations into the incident are ongoing and the University will make further notifications in line with our legal obligations.
Impacted individuals have received a notification with advice on the steps they can take to protect themselves. There are a range of resources available, including:
- For support regarding any impact to your personal information: The University has engaged IDCARE, Australia’s national identity and cyber support service, to provide advice and support to you on an ongoing basis, free of charge. IDCARE can help you protect your personal information that has been impacted by this incident, and help you understand the impact if you have received a previous notification.
- Visit https://www.idcare.org/wsu-incident-response or call them on 1800 595 160 quoting reference number WESSYSSI25.
- University phone line: The University has a phone line to support enquiries about this notice. They will be able to direct you to the appropriate supports available. Phone: 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST).
- ReportCyber: If you believe your information has been misused as a result of this incident, report this at https://www.cyber.gov.au.
- Information and Privacy Commission NSW: The IPC has a range of useful resources and support available on their website at https://www.ipc.nsw.gov.au/privacy/resources-citizens/data-breach-support
The University issued individual email notifications on Tuesday 15 April 2025, along with an SMS to advise of the email.
If you have any questions about the communications you received, please call our dedicated phone line: 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST). They can help answer your questions and direct you to the appropriate supports available. Please remember to treat our frontline staff with respect as investigations are ongoing, and we do not have all the answers right now.
Every notification should be treated separately from previous notifications you may have received.
It is important that you take every notification you receive seriously, read it closely and follow the advice outlined in it. We encourage you to take the recommended actions, regardless of steps you may have taken in the past and to use the support services available if you need them.
If you have received more than one notification from the University, IDCARE can also help you understand the impact on you.