Western Sydney University has revealed an unknown attacker had access to its student management system and data warehouse for a fortnight in August, after gaining access using compromised credentials.
It’s the third cyber incident involving the university this year, after earlier compromises of its Microsoft 365 and Isilon storage infrastructure.
This time, an attacker used a compromised IT account to gain access to multiple systems, including the core student management system, a data warehouse and “other backend data storage systems”, the university said in an incident disclosure.
The attacker gained entry on August 14, but the access was not detected as unauthorised until August 27. It was contained on August 31.
“The university’s investigation to date indicates the perpetrator has used sophisticated techniques to gain unauthorised access in a targeted, persistent and sustained manner,” it said.
The university was aware by October 1 that personal information had been accessed, but it took until today to determine exactly what data was impacted.
“Our investigation has confirmed names, addresses, University-issued email addresses, student identification numbers, tuition fee information (including fees deferred to HELP/HECS), student admission and enrolment data (including subject, results and progression information), and student demographic data (including nationality, Indigenous status, country of birth, citizenship status, gender and date of birth) were accessed,” it said.
The investigation remains ongoing, and the university warned it may find additional data was accessed as well.
The breach impacts “former and current students and staff of the university, the college and the international college, as well as staff of Early Learning Ltd.”
Western Sydney University said there was “no evidence to date that student records have been altered” as part of the unauthorised access.
The university had also received no threats related to the data, nor seen it appear on any dark web forums.
Western Sydney University said it is “enhancing detection and implementing 24/7 monitoring capabilities, implementing additional firewall protection, [and] increasing our cyber security team capacity” in response to this latest incident.
It added: “Students and staff are advised that there may be ongoing disruption to the IT network as the university continues to uplift its cyber security protections.
“The university is not in a position to provide any further specific information about our remediation efforts to protect the ongoing security of our system.”