Students from a Sydney university have been impacted by two cybersecurity breaches, with personal data ending up on the dark web.
Data of approximately 10,000 former and current Western Sydney University students’ information was accessed in the security breach, which took place in January and February 2025.
The information included enrolment, progression and demographic information, with the university expected to contact “current and former students whose information was subject to unauthorised access” next week.
It’s understood that a security breach took place through the university’s single sign-on system, which provided access to thousands of students’ information.
“As soon as the unauthorised access was detected, the University’s internal and third-party cyber experts immediately began working to shut down the perpetrator’s access to the system in real time,” a statement from the university read.
The university also confirmed that it had located student data on a dark web forum, posted on November 1, 2024.
The post detailed “personal information belonging to the University community.”
“Early investigations indicate that the information contained in this post broadly reflects the same types of personal information outlined in previous cyber notifications,” a spokesperson for the university told 9News.com.au.
WSU Vice-Chancellor and President Professor George Williams AO apologised for the breach.
“Western Sydney University has been the subject of persistent and targeted attacks on our network,” he said.
“The University is very aware of the personal impact these incidents are having on its students, staff and wider community.
“On behalf of the University, I apologise to our community. Our teams are working hard to respond and strengthen our digital environment.”
The university has started an investigation into the breach and has also referred it to NSW Police.
