Hackers have successfully breached the Western Sydney University’s storage platform and gained unauthorized access to a staggering 580 terabytes of data, including personal information belonging to both staff and students. The cyber incident, which was initially discovered in January, was the result of malicious actors exploiting the university’s Microsoft Office 365 environment.
According to a statement released by the university on Wednesday, the hackers managed to infiltrate the Isilon storage platform and accessed data stored in 83 out of the university’s 400 directories. This revelation comes on the heels of a previous notification where the university disclosed that about 7,500 students had their data compromised after malicious actors accessed their email accounts and SharePoint files. With a student population of 47,000 and over 4,500 staff members, the scale of the breach is significant.
The hackers first gained unauthorized access to the university’s Microsoft Office 365 environment in May 2023 and maintained their presence there until January. Furthermore, investigations suggest that the university’s Solar Car Laboratory infrastructure may have been utilized as part of the cyber incident. Subsequently, the hackers managed to breach the Isilon storage environment in July 2023 and continued to access data stored there until March 16, 2024.
The compromised data includes a wide range of personal identifiable information such as names, contact details, birthdates, health information, government identification documents, tax file numbers, bank account information, and superannuation details. Additionally, sensitive information related to workplace conduct, health, and safety matters was also exposed. The university refrained from disclosing the exact number of individuals affected by this breach.
Despite the severity of the incident, the university reassured that its day-to-day operations remain unaffected and that there have been no threats from the hackers to disclose private information in exchange for money. Furthermore, monitoring of the dark web did not yield any evidence of the stolen data being uploaded or traded on illicit platforms.
As the investigation into this cyber breach continues, Western Sydney University is working diligently to enhance its cybersecurity measures and prevent similar incidents in the future. The university has urged all staff and students to remain vigilant and report any suspicious activity to the appropriate authorities. This breach serves as a stark reminder of the persistent threats posed by cybercriminals and the importance of robust cybersecurity practices in safeguarding sensitive data.