Statement relating to an update on Western Sydney University’s cyber investigation
The Acting Privacy Commissioner has been advised by Western Sydney University of the data breach affecting its ISILON systems in compliance with obligations under the Mandatory Notification of Data Breach Scheme (MNDB) Scheme.
Western Sydney University has issued a media statement on the data breach which provides information about the data breach together with a public notification under the MNDB Scheme. The public notification is able to be accessed via the University’s website.
The Information and Privacy Commission (IPC) has engaged with the University about the notification in relation to its requirements under the MNDB Scheme.
People who believe they are affected by this incident or who have been notified and would like more information should contact Western Sydney University on 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST) or visit their website: www.westernsydney.edu.au/cyberincident
The IPC also has information on support services available to help those impacted by a data breach, available via its website.
The IPC does not comment on the details of individual matters. Investigations of incidents are undertaken independently by the agency involved with reporting obligations required under the MNDB Scheme.
The Acting Privacy Commissioner reminds all NSW public sector agencies bound by NSW privacy legislation of their obligations to protect and secure the personal information that they hold including to only collect the personal information necessary and to not hold it for longer than is necessary. The IPC has guidance available via its website to support agencies in meeting their obligations.
ENDS
For further information, please contact:
The Manager, Communications and Corporate Affairs on 0435 961 691 or email communications@ipc.nsw.gov.au
About the Information and Privacy Commission:
The Information and Privacy Commission NSW (IPC) is an independent statutory authority that administers New South Wales’ legislation dealing with privacy and access to government information. The IPC supports the Information Commissioner and the Privacy Commissioner in fulfilling their legislative responsibilities and functions and to ensure individuals and agencies can access consistent information, guidance and coordinated training about information access and privacy matters.
About the Acting NSW Privacy Commissioner
Ms Sonia Minutillo was appointed as the Acting Privacy Commissioner in February 2024. As Acting Privacy Commissioner, her role includes the promotion of public awareness and understanding of privacy rights in NSW, as well as providing information, support, advice and assistance to agencies and the public.
The Privacy Commissioner administers the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).
For further information about the IPC visit our website at www.ipc.nsw.gov.au
