Western Sydney University Targets File-Sharing Sites Hosting Stolen Data

Western Sydney University has taken swift action against three file-sharing sites that hosted data stolen in a breach of its single sign-on system (SSO). The university, which had initially reported the incident on June 4, 2025, confirmed that sensitive information was available for download on these platforms for up to 16 days before being removed.

The breach occurred when hackers gained unauthorized access to the SSO, allowing them to steal a substantial amount of data. The university issued takedown notices to two open web file-sharing sites within hours of detection and successfully removed their datasets by June 8, 2025. A third dataset was no longer accessible by June 20, 2025.

The published dataset contained a wide range of information, including personal details, identity document numbers, government identifiers, and study information. A sample of the data had been previously shared on a dark web forum, which, due to its anonymous nature, could not be taken down. The data remains online as of now.

The university has apologized for the series of incidents it suffered and acknowledged that the attacks have caused significant distress to its community. However, in a statement, Vice-Chancellor and President George Williams expressed gratitude towards the NSW Police, who recently arrested a former student in connection with cyber offenses related to the hacks.

"Our university has been relentlessly targeted in a string of attacks on our network," said Vice-Chancellor and President George Williams. "This has taken a considerable toll on our community, and for that, I am deeply sorry." The university will continue to assist police with their investigations as this matter progresses through the court.