Four months after it noticed an intrusion into its network, the Western Sydney University says it has notified about 7500 individuals who have been affected.
In a statement on Tuesday, the university said the intrusion was identified in January this year and quickly shut down.
The intervening four months between discovery and informing those affected was because of "due diligence to understand the nature, scope and scale of the incident, the number of individuals impacted, and to protect against further harm. This was also done in accordance with the University’s legal obligations".
The statement said the earliest access to its Microsoft Office 365 environment was on 17 May 2023 when email accounts and SharePoint files were accessed.
{loadposition sam08}"Investigations also indicate that the University’s Solar Car Laboratory infrastructure may have been used as part of the incident," the university said.
"Monitoring and scanning indicates the preventive measures taken as a part of the incident response have successfully prevented any further unauthorised access.
"The University is working with a range of authorities, including NSW Police whose investigation is ongoing. The University has also been in ongoing contact with the NSW Information and Privacy Commission.
"Overall, approximately 7500 individuals have received notifications either by telephone call, email, or both.
"The University is continuing to investigate the incident and if further persons are affected by the unauthorised access to the University IT network, they will be notified.
"Importantly, there have been no threats received by the University to disclose any of the private information which was accessed, and the University has not received any demands in exchange for maintaining privacy.
"In order to protect University staff, students and stakeholders, the University has sought and been granted an injunction from the NSW Supreme Court to prevent access, use, transmission and publication of any data that was the subject of the incident.
"The University unreservedly apologises for this incident and its impact on our community. It is deeply regrettable and we are committed to transparently rectifying the matter."