Western Sydney University issues update on April cyber incident

University confirms student data impacted by data breach includes personal information, Tax File Numbers, and identity documents.

The University of Western Sydney has issued an updated advisory outlining the impact of a cyber attack it first reported in October 2024.

“Our University has been relentlessly targeted in a string of attacks on our network. This has taken a considerable toll on our community, and for that, I am deeply sorry,” Vice-Chancellor and President, Distinguished Professor George Williams AO said in an August 28 statement.

“I’d like to thank the NSW Police who recently charged a former student from the University in relation to cyber offences. As that matter is now before the Court, I cannot make any further comment other than to say the University will continue to assist Police with their investigations.

“On behalf of the University, I again apologise to our community. Our teams continue to strengthen the University’s digital environment and defend against threats.

“We ask that our community remains alert to any suspicious activity, and that they take action when asked to.”

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

The university has been able to confirm the nature of the data compromised in the incident, which occurred the year before, after the data was shared on several clear and dark web hacking forums. The university said that while it had been granted a court injunction that saw the data removed from the clear web forum in question, the injunction was impossible to serve on the dark web site at the time.

However, the university said today that the data appears to have been removed sometime in June. According to the university, the compromised data includes, but is not limited to:

Biographic information such as name and date of birth
Contact information such as email addresses and phone numbers
Identity documents provided to the University, such as passport numbers, driver's licence details and visa details
Tax File Numbers
Student admission and enrollment information

The university said it was continuing to work with the National Office of Cyber Security, Australian Federal Police, and the Australian Signals Directorate’s Australian Cyber Security Centre.

According to the university’s April update, approximately 10,000 students were impacted by the breach.

New South Wales Police arrested the alleged hacker in June 2025.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

VIEW ALL

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Western Sydney University issues update on April cyber incident

David Hollingworth

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED