Western Sydney University — Three Breaches in a Year

Western Sydney University (WSU) is a public Australian university with around 50,000 students. Across 2023 and 2024, the university disclosed three separate cyber incidents.

In May 2024, WSU disclosed that attackers had accessed its Microsoft 365 environment between May 2023 and January 2024 - approximately eight months of undetected access - and that email accounts and SharePoint files belonging to around 7,500 staff and students had been exposed. Investigation suggested that infrastructure in the Solar Car Laboratory had been used as a foothold during the incident.

In July 2024, WSU disclosed a second incident: between July 2023 and March 2024, attackers had accessed 83 of 400 directories on the university's Isilon storage platform, totalling approximately 580 TB of data including staff and student personal information.

In April 2025, the university disclosed a third incident affecting around 10,000 students, again involving unauthorised access to a research-adjacent system.

Public information confirms WSU operates under the standard tertiary information security framework, including documented requirements for monitoring, access control and segmentation between research and corporate environments. However, the university's detection and response cycles operated primarily on the corporate network. Research labs and connected experimental infrastructure - including the Solar Car Laboratory - sat in less-monitored zones and were not consistently included in detection coverage. Each subsequent incident showed that the gaps revealed by the previous one had not been fully closed when the next access began.