Western Sydney University statement on cyber incidents

Shield with Western Sydney University

Western Sydney University has today updated its community on two cyber matters it is currently responding to.

  • The first is to advise our community of recent unauthorised access gained through one of the University’s single sign-on (SSO) systems.
  • The second relates to information that was posted by a perpetrator to a dark web forum.

“Western Sydney University has been the subject of persistent and targeted attacks on our network. The University is very aware of the personal impact these incidents are having on its students, staff and wider community,” Vice-Chancellor and President, Distinguished Professor George Williams AO said.

“On behalf of the University, I apologise to our community. Our teams are working hard to respond and strengthen our digital environment.

“The higher education sector is increasingly the target of cyber attacks and Western Sydney University is not immune to this evolving threat landscape.

“We ask our community to stay vigilant, remain alert and respond promptly when you are asked to take action.”

Single Sign-On Incident

The University expects to notify approximately 10,000 current and former students next week whose information was subject to unauthorised access that occurred in January and February 2025. The data relates to demographic, enrolment and progression information.

As soon as the unauthorised access was detected, the University’s internal and third-party cyber experts immediately began working to shut down the perpetrator’s access to the system in real time.

Investigations into the incident are ongoing.

Dark Web Post

On Monday 24 March 2025, the University became aware of a post on the dark web referring to personal information belonging to the University community. The University immediately activated its incident response plan and then alerted authorities.

Investigations indicate the post was made on 1 November 2024. The post was identified as a result of the University’s continued investment in our cyber capabilities.

The University continues to investigate the post in conjunction with the authorities. Early investigations indicate that the information contained in this post broadly reflects the same types of personal information outlined in previous cyber notifications.

We will keep the community informed as investigations progress. As impacted individuals are identified, we will notify them and explain the steps those individuals should take to protect themselves.

To protect its staff, students and community, the University has previously sought and was granted an interim injunction(opens in a new window) in the NSW Supreme Court to prevent access, use, transmission and publication of any data associated with the post.

Ongoing Investigations

The University continues to work with cyber security experts and relevant authorities including the National Office of Cyber Security, Australian Federal Police, the Australian Signals Directorate’s Australian Cyber Security Centre, and the NSW Information and Privacy Commission (IPC).

The NSW Police Force’s Cybercrime Squad is also conducting an active investigation under Strike Force Pardey 2025 (E85649285).

As this incident is subject to ongoing investigations, including by NSW Police, the University is unable to provide further comment.

ENDS

10 April 2025

Media Unit.