Western Sydney University Breached, Students Get Fake Emails

Written by: Lore Apostol, Cybersecurity Writer

Western Sydney University is currently managing a significant cybersecurity incident after attackers sent fraudulent emails to students and alumni from what appeared to be official university accounts. One of the emails falsely informed recipients that their degrees had been revoked and that they were permanently excluded from further study at the institution. 

Details of the Cybersecurity Breach

The fraudulent emails were sophisticated enough to cause widespread panic, with some containing accurate personal information, such as student numbers and official university links, as recently reported by 9News.

Excerpts of the emails received by some students alleging their degrees or ability to study at the university had been revoked | Source: 9News

A second malicious email, sent from an account named "Parking Permits," claimed that a student had exploited system vulnerabilities to create a false permit and gain access to the email system used in the attack. 

The incident raises serious questions about cybersecurity in education and the protection of student data. The full extent of the potential student data breach and whether other personal information was accessed is not yet known.

University and Police Response

The Australian education institution has publicly acknowledged the Western Sydney University email scam, confirming the communications were not legitimate and were not issued by the university. 

In a statement, the institution apologized for the concern caused and confirmed that it has reported the incident to the NSW Police Cybercrime Squad, which has launched an investigation. 

However, some students have expressed frustration, stating they learned of the scam through media reports before receiving official university communication. 

This incident follows a separate data breach at the university earlier this year. A former student was charged in relation to the attack that leaked around 10,000 students' data on the dark web.

In September, the Radiant Group ransomware gang claimed responsibility for a cyberattack on Kido International Preschool & Daycare and posted child profiles and family contact details on the dark web.

