WSU targetted in cyber breach

Western Sydney University has confirmed its third data breach in just over a year, affecting around 10,000 current and former students. In digital forensics, we see this delay in prevention and detection often.

The incident occurred through the university’s single sign-on system.

The breach reflects a broader challenge facing Australian institutions when it comes to early breach recognition and response.

Data compromised includes demographic details, enrolment records and student progression information.

Some of this information was later found circulating on dark web marketplaces.

The university has not yet disclosed how access was gained, but systems like single sign-on are increasingly vulnerable due to their central role in access management.

Notion Digital Forensics works closely with organisations across education, health and legal sectors to help identify structural vulnerabilities that leave critical data exposed.

Incidents like this one at Western Sydney University suggest broader internal challenges that have not been resolved.

In order to prevent these incidents from occurring, we like to recommend the Three Cs: compliance, complexity and culture.

Compliance refers to how closely systems follow internal and industry protocols.

Complexity relates to the sprawl and configuration of systems that, over time, become difficult to maintain or monitor effectively.

Cyber culture reflects whether teams across an institution treat cybersecurity as a shared responsibility or a technical afterthought.

The repeated nature of the breach points to weaknesses in at least one, if not all, of these areas.

The longer an incident remains undetected, the greater the operational and reputational damage – hence the importance of taking protective measures to ensure your company is not targeted by cyber criminals.

Notion Digital Forensics director Matt O’Kane said the longer an incident remains undetected, the greater the operational and reputational damage.