Overview
- Thousands of current and former students received fraudulent emails falsely stating they were excluded or their qualifications had been revoked, with messages containing correct names and student numbers.
- Vice-chancellor George Williams apologized and said an unauthorized actor accessed an automatic email generator and used previously stolen information; there were no ransom demands or malicious links and the system was swiftly contained.
- NSW Police cybercrime detectives are investigating, and the university says it has notified regulators, is contacting affected people, and has launched a forensic review.
- A second mass message from a 'Parking Permits' account alleged longstanding security weaknesses at the institution, and this email is also drawing police attention.
- The campaign follows earlier breaches that exposed thousands of records and led to charges against a former student; WSU says it has spent about $26 million on cybersecurity this year and plans similar investment next year, even as some recent enrollees question how their details appeared in the latest emails.