Share this article on:
Powered by MOMENTUMMEDIA
For breaking news and daily updates,
subscribe to our newsletter.
The University of Western Australia (UWA) has forced its students and staff to change their passwords after suffering a cyber attack affecting thousands.
Over the weekend, UWA disclosed that it had suffered a cyber incident and that staff and students had been locked out of its network until they changed their details.
“The university has detected unauthorised access to university password information. As a security measure, all staff and students have been locked out of UWA systems and are required to reset their passwords to gain access,” the university said.
“We do not believe any other information has been accessed; however, we are continuing to investigate this incident as our highest priority.”
The university’s chief information officer, Fiona Bishop, said the university activated its critical incident management team to counter the cyber attack.
“Our IT and many teams worked tirelessly overnight on Saturday and through the weekend to lock and reset all students’, staff and visitor passwords,” she said, speaking with ABC Radio Perth.
“We do know that people will continue to need support in resetting their password, and so, we will continue to man that effort over the course of the next couple of days.”
Bishop has said that there is currently no evidence that any data beyond passwords had been accessed and that no threat actor had yet reached out, adding there was “no indication of ransomware”.
However, Bishop said that the investigation is ongoing and that she is “exceptionally pleased” with the team’s responsiveness.
“We’ve already moved on to recovery and investigation,” she said.
“We’re working feverishly to ensure everyone can log on, staff and students have [been] provided a three-day extension to student assessments.”
However, a number of Reddit users claiming to have experience with UWA’s operations said that the university’s management has not rolled out cyber protections properly in the past.
“Totally not surprising having previously worked as a technology vendor at UWA,” said one user.
“Departments don’t speak to each other. Cyber policies half rolled out and not aligned to the network side of things.
“I’d imagine their research is leaking more than a sieve.”
Bishop added that UWA would continue to bolster its cyber security to prevent future incidents.
“Universities are powerhouses of information and learning, and the sector as a whole is a cyber target, which is only increasing as they become more digital and modernised,” she said.
The university did not disclose how many students were impacted by the incident.
UWA was previously targeted in a cyber attack in 2022, which led to a 22-year-old Perth man being charged with one count of unlawfully using a computer and gaining or intending to gain a benefit after he allegedly hacked the university.
The previous breach led to names, home addresses, email addresses, phone numbers, emergency contact details, birth dates, student IDs and photos, course and unit details and grades, birth country, and citizenship statuses being accessed by threat actors.
Be the first to hear the latest developments in the cyber industry.