Western Sydney University (WSU) has confirmed two major cybersecurity incidents that exposed the personal data of students and staff.
These breaches come on top of a previously disclosed 2023 data breach, raising serious concerns about ongoing security issues at the university.
Unauthorized Access to Student Information
In the first incident, one of the university’s single sign-on (SSO) systems was compromised between January and February 2025. This system is used to access various university services. According to WSU, hackers may have accessed the demographic, enrollment, and academic records of approximately 10,000 current and former students.
WSU says it acted quickly to block the attacker and began a full investigation, which is still ongoing.
Dark Web Data Leak
The second incident involves a dark web leak, where stolen personal data from WSU was published online on November 1, 2024. However, the university only became aware of this leak on March 24, 2025. While the attacker’s message was vague, WSU says the data is consistent with what was exposed in earlier breaches.
University Response
WSU’s Vice-Chancellor and President, George Williams, issued a formal apology:
“The University is very aware of the personal impact these incidents are having on its students, staff, and wider community. On behalf of the University, I apologize to our community. Our teams are working hard to respond and strengthen our digital environment.”
As of now, it’s unclear whether the dark web leak contains data from the 2023 breach or is part of a separate attack. Investigations are ongoing.
