iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Western Sydney University has disclosed a cyber incident in which a threat actor exfiltrated back-end data.
In an email sent to Cyber Daily, the university said the threat actor gained access to an IT account, through which it accessed data “from the Student Management System and other back-end data storage systems, including the Data Warehouse” on 14 August.
The university discovered the breach almost two weeks later, on 27 August, and by 31 August, the access was “contained”.
Now, the university has announced that its investigations have unveiled that personal data was accessed in the incident, including “names, addresses, university-issued email addresses, student identification numbers, tuition fee information (including fees deferred to HELP/HECS), student admission and enrolment data (including subject, results and progression information), and student demographic data (including nationality, Indigenous status, country of birth, citizenship status, gender and date of birth)”.
While the threat actor behind the incident is still unknown, it revealed that the actor used sophisticated techniques to gain access, adding that the incident was targeted.
Following the incident, Western Sydney University has begun bolstering its cyber security protections, such as adding new firewall protections, rolling out password resets, increasing its cyber team capacity, rolling out 24/7 monitoring, and improving detection.
During this period, the university said that the IT network may face disruptions.
“The university is not in a position to provide any further specific information about our remediation efforts to protect the ongoing security of our system,” it said.
The university is currently notifying individuals affected by the breach and has been granted an interim injunction in the NSW Supreme Court to prevent the “access, use, transmission and publication of any data” exfiltrated in the incident and any others from this year.
“The university is working with cyber security experts and relevant authorities across government, including the National Office of Cyber Security, Australian Federal Police, the Australian Signals Directorate’s Australian Cyber Security Centre, and the NSW Information and Privacy Commission (IPC). The NSW Police Force’s cyber crime squad is also conducting an active investigation,” it said.
Western Sydney University specifies that this latest incident is separate from the two it suffered earlier this year.
On 21 May, Western Sydney University’s then interim vice-chancellor, Professor Clare Pollock, said that in January, an intrusion was detected in the university’s Microsoft Office 365 environment but was quickly shut down.
However, investigations revealed that access occurred as early as 17 May 2023 and that 7,500 students had been impacted.
“Since then, the university has been investigating the impact of the unauthorised access and investing in additional remediation measures,” Pollock said.
“Monitoring and scanning indicates that the preventative measures taken as a part of the incident response have successfully prevented any further unauthorised access.”
Be the first to hear the latest developments in the cyber industry.
