iTnews
  • Home
  • News
  • Technology
  • Security

Western Sydney Uni attackers accessed Isilon storage directories over eight months

By Ry Crozier
Jul 31 2024 11:20AM

Personal and sensitive data in scope of breach.

Western Sydney University has revealed that attackers had access to its Isilon storage infrastructure and 580TB of data for over eight months.

Western Sydney Uni attackers accessed Isilon storage directories over eight months

The university said that the attackers accessed “83 of the 400 directories in Isilon” and with that, a trove of personally identifiable and sensitive information.

Isilon is a network-attached storage system that was once made by a company of the same name, before being bought by EMC, which in turn was bought by Dell.

The university said the Isilon storage infrastructure “holds My Documents information, departmental shared folders, and some backup and archived data.”

"Students and staff have access to their own My Documents, which includes My Documents, Desktop data, downloads, favourites and web history etc," it said in an FAQ.

"The My Documents folders are located on our centralised network storage, which means an individual can access their My Documents on any computer within the Western network."

Investigations so far show that unauthorised access to Isilon "occurred between July 9 2023 and March 16 2024".

“Our initial review of Isilon has found personally identifiable information (PII) was accessed, including names, contact details, dates of birth, health information, sensitive information relating to workplace conduct and health and safety matters, government identification documents, tax file numbers, superannuation details and bank account information," the university said.

“The university has not detected any further unauthorised access to Isilon since remediation work took place on March 16.”

It added that it had received no threats to disclose or publish the data and had not seen it leaked onto the dark web.

The university’s security problems stem from an initial breach of its Microsoft 365 environment in May last year.

It said there is “no evidence” of attacker access beyond the “Microsoft Office 365 and Isilon environments" but did not explain how lateral movement occurred.

A number of federal and state authorities are involved in investigations, with NSW Police Force’s Cybercrime Squad conducting an investigation under Strike Force GIRRAKOOL.

The university said it would “endeavour” to notify all individuals impacted by the Isilon breach but said it may not be able to identify everyone.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cybersecurityisilonsecuritystoragewestern sydney university

Related Articles

  • GPS spoofers 'hack time' on commercial airlines, researchers say GPS spoofers 'hack time' on commercial airlines, researchers say
  • In Pictures: Skybox and BT security roundtable In Pictures: Skybox and BT security roundtable
  • Browser vulnerability can be used to breach local networks Browser vulnerability can be used to breach local networks
  • Services Australia's sweeping security uplift plans for myGov Services Australia's sweeping security uplift plans for myGov

Partner Content

Dual Challenge: Securing Modern Enterprises While Enabling Remote Work
Partner Content Dual Challenge: Securing Modern Enterprises While Enabling Remote Work
AFL and Okta Team Up for a Game-Changing Play in Digital Security and Identity Management
Partner Content AFL and Okta Team Up for a Game-Changing Play in Digital Security and Identity Management
‘Work Anywhere, Thrive Everywhere’: Embracing Boundless Workplaces in a Changing World
Partner Content ‘Work Anywhere, Thrive Everywhere’: Embracing Boundless Workplaces in a Changing World
SOCO Reveals Microsoft AI with Power Platform Use Cases at Upcoming Government Event
Partner Content SOCO Reveals Microsoft AI with Power Platform Use Cases at Upcoming Government Event

Sponsored Whitepapers

Nine Ways To Prepare Your Database for a High-Traffic Event
Nine Ways To Prepare Your Database for a High-Traffic Event
How to Put AI at the Heart of Business Growth
How to Put AI at the Heart of Business Growth
Streamline Your Processes and Reduce Managed File Transfer Expenses
Streamline Your Processes and Reduce Managed File Transfer Expenses
Maximise Your Azure Investment with Fusion5
Maximise Your Azure Investment with Fusion5
CyberArk's 2024 Playbook: Identity Security and Cloud Compliance
CyberArk's 2024 Playbook: Identity Security and Cloud Compliance

Events

  • Integrate Integrate
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Services Australia's sweeping security uplift plans for myGov

Services Australia's sweeping security uplift plans for myGov
Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach
Northern Beaches Council reviews security stack to shore up widening perimeter

Northern Beaches Council reviews security stack to shore up widening perimeter
CrowdStrike rejects Delta Air Lines claims over outage

CrowdStrike rejects Delta Air Lines claims over outage

Digital Nation

COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
State of Security 2023
State of Security 2023
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.