Western Sydney University (WSU) staff and students have had their data compromised after a breach of the University's Microsoft Office 365 environment.
The breach was first identified in January this year and the earliest known unauthorised access, which included access to SharePoint files and email accounts, was on May 17, 2023.
The WSU Solar Car Laboratory infrastructure may have been used as part of the incident and measures taken after the discovery have prevented further unauthorised access.
"Since January 2024, the University undertook its due diligence to understand the nature, scope and scale of the incident, the number of individuals impacted, and to protect against further harm," said the university in a statement released on May 21, 2024. "Overall, approximately 7,500 individuals have received notifications."
WSU has received no threats to release any of the information which was accessed, or demands in exchange for maintaining privacy.
New South Wales Police are among several bodies working on the investigation and WSU is also working with the NSW Information and Privacy Commission. If anyone else is found to be affected by the unauthorised access, they will be notified.
“On behalf of the University, I unreservedly apologise for this incident and its impact on our community," said Interim Vice-Chancellor, Professor Clare Pollock. "It is deeply regrettable, and we are committed to transparently rectifying the matter and fulfilling our obligations.”
