Western Sydney University has suffered a significant cyberattack, marking the latest in a series of incidents targeting the institution since 2023. Sensitive data belonging to students, staff, and alumni—including tax file numbers, bank account details, passport and driver license information, visa and health data, contact information, and even ethnicities—was compromised when threat actors gained access to the university’s Student Management System hosted on a cloud-based platform by a third-party provider.
The breach was discovered after two instances of unusual activity on August 6 and August 11, 2025. Investigations revealed that unauthorised access occurred through a chain involving external systems linked to the university’s infrastructure between June 19 and September 3, 2025. The attackers subsequently used this stolen data to send out fraudulent emails to students and graduates on October 6, 2025.
These emails falsely claimed recipients had been excluded from the university or had their degrees revoked, causing widespread concern. Some scam emails appeared especially credible as they included legitimate student
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: