Cyber Incident Victim: Western Sydney University

Date: May 2023

Location: Australia

Summary

Western Sydney University experienced unauthorized access to its IT systems, compromising Microsoft Office 365 email accounts and SharePoint files, with potential misuse of Solar Car Laboratory infrastructure. Approximately 7,500 individuals, primarily students, were notified of possible personal data exposure. The breach was promptly contained, with no subsequent threats or ransom demands received. The institution engaged cybersecurity firms CrowdStrike and CyberCX for investigation and remediation, implemented network enhancements, and secured a court injunction to prevent data misuse. Collaborating with NSW Police and the Information and Privacy Commission, the university continues its investigation while offering support to affected parties, with leadership issuing a public apology.

Description

Western Sydney University identified unauthorised access to its IT network in January 2024 and promptly terminated the intrusion. The investigation revealed the earliest known compromise occurred on 17 May 2023 within the institution's Microsoft Office 365 environment, involving access to email accounts and SharePoint files. Forensic analysis suggested the university's Solar Car Laboratory infrastructure may have been exploited during the incident. Between January and May 2024, the institution conducted due diligence assessments to determine the incident's scope, scale, and impacted parties while implementing protective measures aligned with legal obligations. Monitoring confirmed that subsequent remediation efforts successfully prevented additional unauthorised access after initial containment.

The university notified approximately 7,500 affected individuals via phone, email, or both on 21 May 2024, though no ransom demands or threats to disclose stolen data were received. External cybersecurity firms CrowdStrike and CyberCX were engaged to investigate breach extent and recommend network hardening measures, with ongoing improvements implemented to safeguard student and staff data. Collaboration with NSW Police and the NSW Information and Privacy Commission continues through an active criminal investigation. The institution secured a NSW Supreme Court injunction prohibiting access, use, or dissemination of compromised data. A dedicated support phone line (02 9174 6942) was established for affected individuals, while core university operations remained unaffected throughout the incident. Internal and external cybersecurity teams continue remediation efforts with potential notifications pending for any additionally identified victims.
