Western Sydney University Confirms Breach: Hackers Got Student and Staff Names, Phone Numbers, Emails

Western Sydney University has issued a public statement about a data breach that exposed the full names, phone numbers and email addresses of students and staff.

The earliest known unauthorized access to the University’s Microsoft Office 365 environment was May, 17 2023 and affected some email accounts and SharePoint files.

WSU only learned of the breach in January this year, prompting it to undertake “due diligence to understand the nature, scope and scale of the incident, the number of individuals impacted, and to protect against further harm.”

The school says it can now disclose what happened, notifying 7,500 individuals, including students and staff, that the breach may have compromised their personal information.

Australian news outlet cyberdaily.au says the data accessed in the breach includes:

· Student ID and full name

· Date of birth

· Graduating degree (including any honours, major or minors), date of completion and date of graduation

· Any prizes received

· University and personal email addresses

· Mobile phone number

· Grade point average (GPA) and Weighted Average Mark (WAM)

· Citizenship status and whether the student identifies as Aboriginal or Torres Strait Islander

The University’s Solar Car Laboratory infrastructure “may have been used as part of the incident,” WSU mentions, suggesting the science lab was targeted during the attack.

“The University is continuing to investigate the incident and if further persons are affected by the unauthorised access to the University IT network, they will be notified,” according to the statement.

The notice indicates this was not a ransomware attack, saying “there have been no threats received by the University to disclose any of the private information which was accessed, and the University has not received any demands in exchange for maintaining privacy.”

WSU students and staff should watch out for suspicious emails, texts or phone calls mentioning their private data. Even if this was not a typical data-grab involving ransomware, the university has no way of knowing for sure if the compromised info eventually gets sold to fraudsters on the underground web.

Scamio is a free scam detector and prevention service for anyone with a Bitdefender account. Suspicious about a certain phone call, email, or SMS? Simply describe the situation to our clever chatbot and let it guide you to safety. You can share with Scamio the exact thing you want to check, such as a screenshot, PDF, QR code, or link. Scamio lets you know in seconds if it’s a sham.