What happened
Western Sydney University disclosed a series of cyber incidents across 2024 and 2025 affecting student and staff personal information, including identity and enrolment data, with repeated unauthorised access to its systems [wsu]. The university issued multiple public notifications and engaged privacy regulators.
Timeline
- 2024 โ First unauthorised access to WSU systems detected [wsu].
- 2025 โ Further incidents and public notifications issued [wsu].
Current status
Under investigation, with ongoing notifications. Figures were not consolidated into a single official total and are not estimated here. [wsu]
Why it matters
A case study in repeat compromise โ how a foothold in a large institution can be exploited more than once.