Cybercriminals have set their sights on Sydney academia with two recent attacks targeting Western Sydney University (WSU) and University of Sydney (USYD).
WSU was first to respond to a security incident when it announced on Thursday that the information of approximately 10,000 current and former students had been “subject to unauthorised access”.
The university revealed an unnamed threat actor had accessed student data in January and February 2025, with said data relating to “demographic, enrolment and progression” information.
“As soon as the unauthorised access was detected, the University’s internal and third-party cyber experts immediately began working to shut down the perpetrator’s access to the system in real time,” wrote WSU.
“Investigations into the incident are ongoing.”
The incident occurred through one of WSU’s single-sign-on (SSO) systems, though the university did not specify what this system was or how the unauthorised access occurred.
“As this incident is subject to ongoing investigations, including by NSW Police, the University is unable to provide further comment,” said WSU.
The university said it has continued to “work with cybersecurity experts and relevant authorities”, including the National Office of Cyber Security, Australian Federal Police, the Australian Signals Directorate’s Australian Cyber Security Centre, and the NSW Information and Privacy Commission.
Last year, the university reported three separate security incidents.
Dark web post dormant since November
Following its recent data breach, WSU also uncovered a post on a dark web forum which the university described as “referring to personal information belonging to the University community”.
The post appeared to have been uploaded 1 November 2024, WSU explained, while the university discovered it and activated an incident response plan in late March 2025.
WSU didn’t specify precisely what personal information was involved, though on 31 October 2024 it reported a previous attack had seen a threat actor gain access to names, addresses, university-issued email addresses, student identification numbers, tuition fee information, student admission and enrolment data, and student demographic data.
WSU reported three separate security incidents through 2024: a breach which involved a compromised IT account, a breach which impacted the university’s Microsoft Office 365 environment, and another which hit its storage platform.
“Western Sydney University has been the subject of persistent and targeted attacks on our network,” said WSU vice-chancellor and president, George Williams.
“The University is very aware of the personal impact these incidents are having on its students, staff and wider community.
“On behalf of the University, I apologise to our community. Our teams are working hard to respond and strengthen our digital environment.
“The higher education sector is increasingly the target of cyberattacks and Western Sydney University is not immune to this evolving threat landscape.”
WSNU has been granted an interim injunction in the NSW Supreme Court to prevent “access, use, transmission and publication” of any data associated with the dark web post.
Hacker claims University of Sydney breach
Following WSU’s breach, there was a separate security incident at USYD, during which a hacker claimed to have compromised the university’s source code.
In a post on a popular clear-web hacking forum, self-proclaimed hacker and data leaker ‘Sythe’ claimed to have stolen university programming files via developer platform GitHub.
“I have downloaded all repos associated with Sydney.edu.au's GitHub token,” wrote Sythe.
The hacker, who tagged their post with the label “source code”, also listed a range of allegedly stolen files related to contractor management software provider Beakon.
At the time of writing, members of the forum can “unlock” and view the allegedly stolen data for approximately two euros, or less than $3.80 Australian.
USYD chief information officer Sandie Matthews acknowledged that while there was a “breach involving Beakon”, no university data had been impacted.
“We became aware of a claim made on X alleging there had been a GitHub token leak from the University soon after it was posted,” said Matthews.
“We immediately contacted the vendor of our hosted Contractor Safety Management System, Beakon, who have investigated the incident and confirmed that while there was a breach involving Beakon, thankfully no University data was breached.”
A spokesperson for Beakon meanwhile told Information Age it was aware of “a potential compromise of a third-party site” used strictly for development and testing of its software updates.
“This area contained no sensitive client data,” they said.
“[It] is separate to live Beakon systems, but did contain filenames specific to one single customer.
“There was no breach of Beakon systems and no other customers are impacted.”
The spokesperson emphasised Beakon is “never complacent about the security of client information” and has enhanced its security monitoring as a precaution.
Beakon has serviced such companies as Coca Cola Amatil, fuel supplier Ampol, and Australian mining company South 32.
