Western Sydney University Reveals Major Data Breach
Hackers Accessed the University’s Storage Platform for Over 9 Months
Australia's Western Sydney University said hackers exploited its Microsoft Office 365 environment to steal up to 580 terabytes of data, including staff and students' personal information.
The university said Wednesday that an investigation into the cyber incident, first discovered in January, revealed that malicious actors infiltrated its Isilon storage platform and gained unauthorized access to data stored in 83 of its 400 directories.
The fresh notification follows an earlier one in which the university said it notified about 7,500 students about malicious actors gaining access to their data after accessing some email accounts and SharePoint files. The university has 47,000 students and more than 4,500 staff.
The university said hackers gained unauthorized access to its Microsoft Office 365 environment in May 2023 and continued to maintain a presence in the environment until January. "Investigations also indicate that the University's Solar Car Laboratory infrastructure may have been used as part of the incident," WSU said.
The university said Wednesday that the hackers penetrated the Isilon storage environment in July 2023 and continued to access stored data until March 16, 2024. The compromised data includes personally identifiable data such as names, contact details, birthdates, health information, government identification documents, tax file numbers, bank account information and superannuation details.
It also includes sensitive information relating to workplace conduct and health and safety matters. WSU did not reveal how many students and staff members were affected as a result of hackers accessing the Isilon storage environment.
The university said the unauthorized access did not affect day-to-day operations and that it has not received any threats to disclose private information in exchange for money. It said dark web monitoring did not find any evidence of hackers uploading the stolen data to the dark web.