Concerning email sent to uni students

NewsWire
·2-min read
Western Sydney University South Parramatta (Rydalmere) campus.
Western Sydney University South Parramatta (Rydalmere) campus.

Thousands of university students have recieved a concerning email advising them about how their private information accessed illegally following a cyber breach.

The breach, which happened at Western Sydney University (WSU) earlier this year, saw more than 7000 individuals impacted.

The university released a statement on Tuesday announcing the intrusion into its IT network.

The network was shut down quickly and an investigation found the earliest known access was on May 17, 2023.

The university alerted the 7500 individuals affected by the breach on Tuesday afternoon, outlining in an email that “investigations have indicated that a spreadsheet of students graduating in August 2023 was accessed at some point between 17 May 2023 and January 2024”.

The university quickly sent out emails to those affected by the breach. Picture: Supplied
The university quickly sent out emails to those affected by the breach. Picture: Supplied
WSU has apologised to those affected. Picture: Supplied
WSU has apologised and informed students and staff what information was accessed by the breach. Picture: Supplied

Information obtained illegally included students IDs, full names, their date of birth, mobile numbers and even whether they identified as Aboriginal or Torres-Strait Islander.

“In order to protect University staff, students and stakeholders, the University has sought and been granted an injunction from the NSW Supreme Court to prevent access, use, transmission and publication of any data that was the subject of the incident,” the email states.

After the breach was detected, WSU immediately alerted the authorities and, as highlighted in the email, worked with two cyber security firms – CrowdStrike and CyberCX.

These firms helped the university to examine the extent of the breach and “to advise on improvements to remediate and protect the network”.

“These investigations remain ongoing. The University notified the NSW Information Privacy Commission in early February in accordance with the Mandatory Notification of Data Breach Scheme,” the email reads.

“Additionally, the University has contacted the Australian Federal Police, Australian Signals Directorate, Australian Cyber Security Centre, Department of Defence, and Home Affairs.”

A spokesperson for the Department of Home Affairs told Newswire they were working with the university to manage “the impacts of the incident”.

Western Sydney University at Parramatta South (Rydalmere campus) for Welcome Week.
Western Sydney University at Parramatta South (Rydalmere campus) for Welcome Week.

“The National Office of Cyber Security is working with Western Sydney University and relevant Commonwealth and state and territory agencies to assist with managing the impacts of the incident,” they said.

“Western Sydney University is providing a range of tailored support services for those impacted by the incident, including a dedicated hotline and counselling support.”

The following private information that was accessed includes:

– Student ID and full name

– Date of birth

– Graduating degree (including any Honours, Major or Minors), date of completion and date of graduation

– Any prizes received

– University and personal email addresses

– Mobile phone number

– Grade Point Average (GPA) and Weighted Average Mark (WAM)

– Citizenship status and whether you identify as Aboriginal or Torres-Strait Islander

  • Up next
  • Up next
  • Up next
  • Up next

Latest stories