Western Sydney University Statement on Cyber Incident
Western Sydney University is today able to advise its community of personal information that was previously impacted by a cyber incident and is providing advice on how people can protect themselves.
“I want to again apologise for the impact this is having, and give you my assurance that we are doing everything we can to rectify this issue and support our community,” Vice-Chancellor and President, Distinguished Professor George Williams AO said.
“This starts with working closely with NSW Police Force Cybercrime Squad’s Strike Force Docker and includes our ongoing efforts to strengthen our cyber security. On 25 June 2025, NSW Police arrested and charged a former student of the University.
“Despite this, attempts to gain unauthorised access to our systems have continued, including via external parties that supply IT services to the University.
“In recent weeks, it has become clear that these incidents are intended to harm our community.
“We encourage all students, staff and alumni who receive notifications to take the recommended actions, regardless of steps taken in the past, and to use the support services available.”
The University identified two instances of unusual activity on 6 August 2025 and 11 August 2025. This activity occurred on the University’s Student Management System, hosted by a third-party provider on a cloud-based platform.
An investigation commenced immediately, and the University directed the third-party provider to shut down access to its platform. The investigation confirmed that unauthorised access to this system was obtained through a further external system linked to that platform between 19 June 2025 and 3 September 2025.
Unauthorised entry through these third and fourth party systems enabled personal information to be accessed and exfiltrated from the University’s Student Management System. The University’s investigations confirm that the fraudulent emails which were sent to some community members on 6 October 2025 used data stolen in this incident.
As soon as the University became aware, it reported the matter to NSW Police and the relevant regulatory authorities. NSW Police requested the University refrain from notifying its community at the time to avoid interfering with ongoing Police investigations.
NSW Police has now approved the release of today’s notification which is for the attention of offer recipients, former and current students and staff of the University, The College and The International College; and staff of Early Learning Ltd.
The University can confirm the impacted personal information includes:
- Contact information (address, email address, phone number)
- Name, date of birth, student or staff ID
- Country of birth, nationality, citizenship and/or gender or identity information
- Ethnicity
- Employment and payroll details
- Bank account details
- Tax file number
- Driver licence details
- Passport details
- Visa information
- Complaint/case information
- Health and disability information
- Legal information.
Individual notifications are already being distributed to those impacted by this incident. Some notifications will include personal information impacted through previous incidents, identified through ongoing investigations.
The interim injunction previously granted to the University by the NSW Supreme Court continues to prohibit transmission, publication and use of any information or material obtained by the former student in an unauthorised manner from the University's IT systems and network.
ENDS
23 October 2025
Latest News
Parts of Australia’s tropical rainforests now a net source of carbon, new study finds
The trunks and branches of trees in Australia's tropical rainforests – also known as woody biomass – have become a net source of carbon dioxide to the atmosphere.
Western Sydney University are the number one Australian solar car team at the 2025 Bridgestone World Solar Challenge
Western Sydney Solar Car team has crossed the finish line placing preliminarily sixth in the world overall, and the number one Australian team in the world’s most prestigious solar car challenge.
Western secures funding to improve oral health for people living with diabetes
Western Sydney University’s Professor Ajesh George from the School of Nursing and Midwifery, Translational Health Research Institute and Australian Centre for Integration of Oral Health, has secured more than $990,000.
Mobile options:
