๐Ÿ”’breach.co.nz ยท the NZ & Australia breach register ๐Ÿ›ก๏ธ A Govern service
Register โ€บ ๐Ÿ‡ฆ๐Ÿ‡บ AU โ€บ Education

Western Sydney University

๐Ÿ‡ฆ๐Ÿ‡บ Sydney, NSW ยท Western Sydney University ยท Record AU-2024-0180
โ— Confirmed
People affected
Not disclosed
Breach date
2024
Regulator
OAIC; IPC NSW
Trust tier
A ยท Confirmed

Data exposed

Student and staff personal information across multiple incidents (incl. identity and enrolment data) Confirmed

Confidence: Confirmed = regulator/court ยท Company-confirmed = the organisation's own disclosure ยท Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

Western Sydney University disclosed a series of cyber incidents across 2024 and 2025 affecting student and staff personal information, including identity and enrolment data, with repeated unauthorised access to its systems [wsu]. The university issued multiple public notifications and engaged privacy regulators.

Timeline

  • 2024 โ€” First unauthorised access to WSU systems detected [wsu].
  • 2025 โ€” Further incidents and public notifications issued [wsu].

Current status

Under investigation, with ongoing notifications. Figures were not consolidated into a single official total and are not estimated here. [wsu]

Why it matters

A case study in repeat compromise โ€” how a foothold in a large institution can be exploited more than once.

GGOVERN Tabletop Exercises ยท Govern house Keep the campus running when the systems go dark. Book a Discovery Call โ†’