HQ/EMEAFind out how we can help your business
A recent cyberattack affecting Western Sydney University has resulted in the exposure of sensitive personal data belonging to thousands of students and staff.
The institution has revealed multiple cybersecurity breaches across two years, prompting widespread concern within the university community.
One of the most recent incidents occurred between January and February 2025, when a single sign-on (SSO) system used for accessing university services was compromised. This breach allowed unauthorised access to the demographic, enrolment, and academic progression data of approximately 10,000 current and former students. Upon discovering the issue, the university moved quickly to block the attacker and launched an investigation that is still ongoing.
Western Sydney University faced a cyberattack involving dark web leaks and unauthorised access to staff and student data.
In a separate case, Western Sydney University learned in March 2025 that personal data had been leaked on the dark web, though the information had been published several months earlier, on November 1, 2024. The university stated that the leaked data appears to be similar in type to those outlined in previous notifications, though it remains uncertain whether it stems from an earlier breach, or a completely different university cyberattack.
Additionally, the institution’s cyber issues were made worse by a previously reported event that occurred in May 2023. The university’s Microsoft Office 365 environment, including email accounts and SharePoint files, had been compromised by hackers. This breach was not discovered until a year later and impacted around 7,500 individuals. The information compromised included names, contact details, dates of birth, health records, government ID numbers, and banking information. The attackers were able to obtain over 580 gigabytes of data between July 9, 2023, and March 16, 2024, according to investigators.
With three serious cyber incidents within a relatively short timeframe, concerns are growing about the university’s digital security practices. In light of the events, Vice-Chancellor and President George Williams publicly apologised to the affected community, acknowledging the emotional and personal toll. He reassured the public that the university is actively working to improve its digital environment and better protect its systems moving forward.
This university cyberattack is a reminder of the risks that educational institutions face in an increasingly digital world and the importance of implementing strong security measures to safeguard sensitive data.
