Statement relating to Western Sydney University
The Acting Privacy Commissioner has been advised by Western Sydney University of a further data breach affecting former and current staff of the University in compliance with obligations under the Mandatory Notification of Data Breach Scheme (MNDB) Scheme.
Western Sydney University has issued a public notification confirming that an IT account was compromised which provided a perpetrator with unauthorised access to some data from its Student Management System and other back-end data storage systems including the Data Warehouse, from 14 August 2024 until 31 August 2024. The notification provides more information on the data breach and can be accessed via the University’s website.
People who believe they are affected by this latest incident or who have been notified and would like more information should contact Western Sydney University on 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST) or visit their website: https://www.westernsydney.edu.au/news/public-notification
Acting Privacy Commissioner, Sonia Minutillo said, “This further cyber incident is a reminder to all agencies that they are not immune to data breaches and protecting individual personal information should be a priority.
“These incidents can happen to any agency, regardless of size or sector. They can lead to significant impacts including identify theft, financial losses, and damage to public trust.”
The Acting Privacy Commissioner also reiterates that, “These incidents are an important reminder that agencies need to be vigilant and develop and implement strong and robust information management governance and security measures and practices.”
In October, the Acting Privacy Commissioner released the first MNDB Scheme Trends Report for November 2023 - June 2024. The Report observed in the first seven months of the MNDB Scheme, 25% of notifications had involved a cyber incident with the largest numbers of individuals impacted by cyber related data breaches.
The Acting Privacy Commissioner said, “The Report highlights that agencies need to be prepared for, and responsive to, the challenges posed by the rapidly evolving cyber environment.”
The Information and Privacy Commission (IPC) continues engagement and inquiries with the University about the notification in relation to its requirements under the MNDB Scheme.
The IPC also has information on support services available to help those impacted by a data breach, available via its website.
The IPC does not comment on the details of individual matters. Investigations of incidents are undertaken independently by the agency involved with reporting obligations required under the MNDB Scheme.
ENDS
For further information, please contact:
The Manager, Communications and Corporate Affairs on 0435 961 691 or email communications@ipc.nsw.gov.au
About the Information and Privacy Commission:
The Information and Privacy Commission NSW (IPC) is an independent integrity agency that supports the NSW Information Commissioner and the NSW Privacy Commissioner. Its vision is that privacy and access to government information are valued and protected in NSW. The Information Commissioner is the chief executive of the Commission.
About the Acting NSW Privacy Commissioner
Ms Sonia Minutillo was appointed as the Acting Privacy Commissioner in February 2024. As Acting Privacy Commissioner, her role includes the promotion of public awareness and understanding of privacy rights in NSW, as well as providing information, support, advice and assistance to agencies and the public.
The Privacy Commissioner administers the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).
For further information about the IPC visit our website at www.ipc.nsw.gov.au
