Western Sydney Uni discloses January "IT network" breach

By

Around 7500 people impacted.

Western Sydney University has disclosed a breach of its “IT network” from January that it has linked to an earlier incident involving its M365 environment.

Western Sydney Uni discloses January "IT network" breach

The university posted a notification to its website that said an “intrusion” was detected and “quickly shut down” in January this year.

Unspecified information on “approximately 7500 individuals” was accessed, the university said today, and notifications had now been sent.

The university said that “due diligence” in the five months since had uncovered a link between the January “intrusion” and a May 17 2023 incident that involved “unauthorised access to [its] Microsoft Office 365 environment.”

That May 2023 incident saw “some email accounts and SharePoint files” accessed.

The timing of the M365 access somewhat coincides with a prior incident disclosure by the university of “unusual activity” on its student management system, though it appears the two occurrences are unrelated.

iTnews asked the university for additional clarification of the timeline of events but was directed back to the website statement.

Forensic investigation also showed the January 2024 incident may have involved “the University’s Solar Car Laboratory infrastructure”, though the role was unclear.

While some 7500 people had been notified, the university said it had received “no threats” of data misuse or “demands in exchange for maintaining privacy”.

In addition, it said it had “sought and been granted an injunction from the NSW Supreme Court to prevent access, use, transmission and publication of any data that was the subject of the incident.”

This action was taken to “protect university staff, students and stakeholders”, and bears similarities to a previous cyber incident involving law firm HWL Ebsworth, where an injunction on accessing hacked data was also granted.

The university said both NSW Police and the NSW Information and Privacy Commission had been informed.

Interim vice-chancellor, Professor Clare Pollock “unreservedly apologised” for the incident.

“It is deeply regrettable, and we are committed to transparently rectifying the matter and fulfilling our obligations,” Pollock said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

BHP taps Azure to keep to its ERP transformation timeline

BHP taps Azure to keep to its ERP transformation timeline

Bendigo and Adelaide Bank uses GenAI, MongoDB to refactor application

Bendigo and Adelaide Bank uses GenAI, MongoDB to refactor application

Defence to build 'virtual environments' to model decisions and systems

Defence to build 'virtual environments' to model decisions and systems

NAB uses Ada to shift to real-time data ingestion

NAB uses Ada to shift to real-time data ingestion

Log In

  |  Forgot your password?