Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Western Sydney University’s vice-chancellor says no data was stolen after fraudulent emails claiming degrees had been revoked were sent from a university address.
Professor George Williams AO, vice-chancellor of Western Sydney University (WSU), has sent an apology to students following yet another breach of its systems earlier this week.
Students from the troubled university received a pair of alarming emails this week, one claiming that their qualifications had been revoked, and a second claiming a series of technical failures when it comes to keeping student data secure.
Both emails came from official WSU email addresses.
“I want to start by saying again how sorry I am for the harm caused by the fraudulent emails sent on Monday. I know how distressing this has been for our students, alumni and broader community. People have told me this directly, and I can understand why people were so shocked and upset,” Williams (pictured) said in an email seen by Cyber Daily, sent to students on 8 October.
“My priority yesterday was to inform you as quickly as possible that the emails were fraudulent and to put support in place. I have since focused with our team on working with the police to tackle this criminal action and to understand exactly what has occurred.”
Williams confirmed that no data had been stolen in the incident and that the threat actor responsible was no longer in the university’s network.
“Instead, an unauthorised person accessed an automatic email generator and populated it with previously stolen information to send out the emails,” Williams said.
“This occurred on Monday, with our cyber team shutting down the system as soon as this became apparent. We were able to prevent many thousands of additional emails from being sent. The system is fully contained, and we are making sure this cannot be replicated.”
According to Williams, the hacker’s intent was to “harm our students and alumni”, and so far, no demand for payment has been made, nor did the emails contain malicious links or malware.
“Plain and simple, this was designed to hurt our community and damage the reputation of our university,” Williams said.
The vice-chancellor added that WSU has been under attack for some time, with a former student allegedly responsible for a series of cyber attacks and data breaches impacting the student body. That individual has been charged and is awaiting trial.
“Unfortunately, the attacks on our system have not stopped, as shown by the malicious emails sent on Monday,” Williams said.
Williams said the university is working hard to improve its cyber security posture and improve its systems, but admitted that – like many other universities – staying ahead of cyber criminals is a difficult and expensive process.
“I recognise how critical it is to support this work. We have not just a regulatory responsibility, but a moral responsibility to protect the data of our students and community. The theft of this data exposes people to harm, as the recent malicious emails show,” Williams said.
“At a time of financial stress and job losses, we have nonetheless prioritised our cyber security uplift. I see this as a non-negotiable requirement for us to operate as a university. We must look after our people as a bedrock of our teaching and research.”
WSU has spent $26 million on cyber security over the year to date and is planning a similar spend next year. Third-party consultants have also been engaged. Improvements to the university’s IT systems include improved password hygiene, stronger MFA, improved 24/7 monitoring, additional firewalls, streamlined account creation processes, and appointing a senior risk adviser.
“What is also clear though is that, even with these improvements, risk will remain. Even the most secure defence and government institutions remain aware of the ongoing possibility of cyber attack, including as new AI and other hacking tools emerge,” Williams said.
“The risk to our community has been reduced, but a risk remains, and always will do so.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
