www.westernsydney.edu.au
202.9.95.188  Public Scan

URL: https://www.westernsydney.edu.au/news/cyber-incident
Submission: On July 31 via api from TR — Scanned from AU

PUBLIC NOTIFICATION –
WESTERN SYDNEY UNIVERSITY CYBER INCIDENT

31 July 2024


Since unauthorised access to Western Sydney University’s IT network was
discovered in January 2024, the University has been undertaking forensic
investigations in line with our due diligence and legal obligations to determine
the full nature, scope and scale of the incident.

As a result of the ongoing investigations, the University issued this public
notification on 31 July 2024 about unauthorised access to the University’s
storage platform, known as the Isilon storage platform (Isilon). In particular,
the University is drawing this public notification to the attention of our
University community, which includes, but is not limited to, our former and
current students and staff.

The University unreservedly apologises for this incident and the impact it is
having on our community. The University is committed to transparently rectifying
this matter and will keep our community updated as our investigation progresses.

Update on the ongoing investigation

After the University notified approximately 7,500 impacted individuals and our
community about a breach to our Microsoft Office 365 environment in May 2024,
the University confirmed personal information in Isilon was also subject to
unauthorised access. Isilon holds My Documents information, departmental shared
folders, and some backup and archived data.


We have been analysing, and will continue to analyse, the very large and complex dataset to
properly understand the impact the unauthorised access to Isilon has had on
individuals’ personal information. The University is now in a position to
confirm:

 * There is evidence of access to approximately 580 terabytes of data across 83
   of the 400 directories in Isilon.
 * The investigation to date indicates unauthorised access to Isilon occurred
   between 9 July 2023 and 16 March 2024. 
 * Our initial review of Isilon has found personally identifiable information
   (PII) was accessed, including names, contact details, dates of birth, health
   information, sensitive information relating to workplace conduct and health
   and safety matters, government identification documents, tax file numbers,
   superannuation details and bank account information.

Based on its forensic investigation to date, the University has no evidence that
this incident extends beyond the University’s Microsoft Office 365 and Isilon
environments.

The University has not received any threats to disclose private information or
demands in exchange for maintaining privacy. The University has dark web
monitoring in place and there is no evidence to date that the data has been
uploaded. 

The University has not detected any further unauthorised access to Isilon since
remediation work took place. The University continues to engage with the
authorities in relation to the perpetrator of the Isilon incident.

What steps the University has taken

The University is working with Australia’s leading digital forensics and
incident response team at CyberCX and relevant authorities, including the
National Office of Cyber Security, Office of the Australian Information
Commissioner, NSW Information and Privacy Commission (IPC), Australian Federal
Police, Australian Cyber Security Centre, Australian Signals Directorate and
Home Affairs. The NSW Police Force’s Cybercrime Squad is conducting an
investigation under Strike Force GIRRAKOOL.

To protect University staff, students and stakeholders, the University sought
and was granted an interim injunction in the NSW Supreme Court to prevent
access, use, transmission and publication of any data that is the subject of the
incident. This includes data in Isilon that was accessed without authorisation.

The University’s leadership and Board have taken a number of steps to remediate
the issue and further protect staff and students, including completing a
password reset, enhancing detection monitoring, implementing additional firewall
protection, increasing our cyber security team capacity, and reviewing data
storage and retention practices.

On 31 July 2024, the University drew this public notification to the particular
attention of its community in emails issued to students, staff and alumni with
information about the steps they can take to protect themselves, and the support
services made available to them by the University. The University also issued a
media release to draw this public notification to the attention of all those who
may be impacted.

The next steps

The University will endeavour to notify individuals about the impact on their
personal information in the coming weeks. However, due to the volume and
complexity of the data, the University will not be able to issue individual
notifications to all those who may be impacted.

What action should you take?

This public notification will help ensure our community stays vigilant to any
signs their data may have been accessed.

The University has engaged IDCARE, Australia’s national identity and cyber
support service, to provide free advice and support to members of our community
who may have questions about how to protect themselves when identity information
may have been compromised.

You can find out about ways to protect your personal information by visiting
www.idcare.org/wsu-incident-response. You can also contact IDCARE on 1800 595
160 and quote the reference number
WESSYDPB24 or complete an online Get Help form.


Support services

For additional support services and enquiries, the University has established a
dedicated phone line. The phone line details are as follows: 02 9174 6942
(Monday to Friday, 9.00am to 4.30pm AEST). This website also has answers to
additional questions you may have.

Information about your rights

If you are not satisfied with the University’s response to the incident, you can
lodge a complaint or request an internal review by providing the details of your
matter via email to internalreview@westernsydney.edu.au. Your email must be
received within six months of the date of this public notification (31 July
2024).

If you are not satisfied with the actions taken by the University, you can lodge
a complaint with the NSW Information and Privacy Commission (IPC). The IPC has
more information about making a complaint as well as your review rights and can
be contacted at:

 * Phone: 1800 472 679
 * Email: ipcinfo@ipc.nsw.gov.au
 * Post: GPO Box 7011, Sydney NSW 2001
 * Website: www.ipc.nsw.gov.au

Please note, this public notification will be published on the University’s
public notification register from the date of publication (31 July 2024) for 12
months. This public notification will also be available on the Office of General
Counsel’s website and the IPC’s website.

--------------------------------------------------------------------------------


FREQUENTLY ASKED QUESTIONS

Why has the University issued a public notification on 31 July 2024?

After the University notified approximately 7,500 impacted individuals and our
community about a breach to our Microsoft Office 365 environment in May 2024,
the University confirmed personal information in Isilon was also subject to
unauthorised access.

The public notification will help ensure our community stays vigilant to any
signs their data may have been accessed.

What was the May 2024 Incident?

On 21 May 2024, Western Sydney University notified individuals impacted by
unauthorised access to its Microsoft Office 365 environment.

The intrusion was identified by the University in January 2024 and quickly shut
down.

The University has been investigating the impact of the unauthorised access and
investing in additional remediation measures.

Since January 2024, the University undertook its due diligence to understand the
nature, scope and scale of the incident, the number of individuals impacted, and
to protect against further harm. This was also done in accordance with the
University’s legal obligations.

The investigation has indicated that the earliest known unauthorised access to
the University’s Microsoft Office 365 environment was on 17 May 2023 and
included access to some email accounts and SharePoint files.

The University is working with a range of authorities, including NSW Police
whose investigation is ongoing. The University has also been in ongoing contact
with the NSW Information and Privacy Commission.

Overall, approximately 7,500 individuals received notifications on 21 May 2024.

What is Isilon and what was stored on it?

Isilon is the University’s storage platform. It hosts the University’s Desktop
My Documents information, departmental shared folders, and some backup and
archived data.

What is My Documents?

Students and staff have access to their own My Documents, which includes My
Documents, Desktop data, downloads, favourites and web history etc.

The My Documents folders are located on our centralised network storage, which
means an individual can access their My Documents on any computer within the
Western network. The desktop/laptop needs to be connected to the University’s
network via a physical network cable to enable this.

What steps has the University taken in response?

The University is working with Australia’s leading digital forensics and
incident response team at CyberCX and relevant authorities, including the
National Office of Cyber Security, Office of the Australian Information
Commissioner, NSW Information and Privacy Commission, Australian Federal Police,
Australian Cyber Security Centre, Australian Signals Directorate and Home
Affairs.

The NSW Police Force’s Cybercrime Squad is conducting an investigation under
Strike Force GIRRAKOOL.

To protect staff, students and stakeholders, the University sought and was
granted an interim injunction in the NSW Supreme Court to prevent access, use,
transmission and publication of any data that is the subject of the incident.
This includes the data in Isilon that was accessed without authorisation.

The University’s leadership and Board have taken a number of steps to remediate
the issue and further protect staff and students, including completing a
password reset, enhancing detection monitoring, implementing additional firewall
protection, increasing its cyber security team capacity, and reviewing data
storage and retention practices.

What is the status of the investigations and when is it likely to conclude?

The University is continuing to work with Australia’s leading digital forensics
and incident response team at CyberCX to analyse the data that has been
accessed, and our investigations are ongoing.

Does the University know who gained unauthorised access?

The University continues to engage with the authorities in relation to the
perpetrator of the Isilon incident.

Has the perpetrator made any threats to the University?

The University has not received any threats to disclose private information or
demands in exchange for maintaining privacy.

The University has dark web monitoring in place and there is no evidence to date
that the data has been uploaded.

What impact did this have on operations?

The University’s day-to-day operations have not been impacted by the incident.

How will I find out if I have been affected?

The University will endeavour to notify individuals about the impact on their
personal information in the coming weeks. However, due to the volume and
complexity of the data, the University will not be able to issue individual
notifications to all those who may be impacted.

If you have any other questions about this incident, please call our dedicated
phone line: 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST).

If I am impacted, what support is available to me?

The University unreservedly apologises and is here to support you. We have
arranged the following services for you to access:

 * The University has engaged IDCARE, Australia’s national identity and cyber
   support service, to provide free advice and support to members of our
   community who may have questions about how to protect themselves when
   identity information may have been compromised.

You can find out about ways to protect your personal information by visiting
www.idcare.org/wsu-incident-response. You can also contact IDCARE on 1800 595
160 and quote the reference number
WESSYDPB24 or complete an online Get Help form.

 * We have established a dedicated phone line and this website to answer any
   questions you might have. The phone line details are as follows: 02 9174 6942
   (Monday to Friday, 9.00am to 4.30pm AEST).

I am not affected by this incident, but this situation is impacting my mental
health and studies. Who can I talk to?

We understand this incident is concerning and we apologise for the impact it is
having on our community.

Please call 02 9174 6942 to speak with our dedicated team who can direct you to
the most appropriate support.

How can I escalate this matter further?

If you have any other questions about this incident, please call our dedicated
phone line: 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST).

If you are not satisfied with the University’s response to the incident, you can
lodge a complaint or request an internal review by providing the details of your
matter via email to internalreview@westernsydney.edu.au. Your email must be
received within six months of the date of this public notification (31 July
2024).

If you are not satisfied with the actions taken by the University, you can lodge
a complaint with the NSW Information and Privacy Commission (IPC). The IPC has
more information about making a complaint as well as your review rights and can
be contacted at:

 * Phone: 1800 472 679
 * Email: ipcinfo@ipc.nsw.gov.au
 * Post: GPO Box 7011, Sydney NSW 2001
 * Website: www.ipc.nsw.gov.au

21 May 2024

More information on the individual notifications issued on 21 May 2024 is
available here.

 
