It is understandable that this week, the Western Sydney University community felt great anguish. A coordinated spam attack used fake emails to announce revoked degrees and disqualify students. The crisis began with a reported cyber attack on Monday evening. In response, the university rushed to send their own mass email, warning students and alumni about their response.
Following the breach, one employee posted on Reddit about their experience. They shared how they unexpectedly got one of the fake emails, despite graduating more than ten years ago. Someone else described getting the same notification despite having finished their education 15 years in the past. The user remarked, “I guess they don’t purge personal records after 7 years,” reflecting the confusion and concern among those affected.
At first, these fraudulent emails came from aHouse.gov phishing email address, which caused the majority of recipients to doubt the legitimacy of the communication. Following the second claimed hack late Monday night, the university moved. It sent a community-wide mass email, doubling down on its promise to bring forth a solution.
“Western Sydney University is aware of fraudulent emails sent to students and graduates, with some falsely claiming that they have been excluded from the University or that their qualifications have been revoked,” said a spokesperson for WSU.
“These emails are not legitimate and were not issued by the University,” they added.
The emotional toll of these fraudulent communications was clear on their many recipients. One individual described their panic upon receiving the email, stating, “I just had a full-on panic attack and woke up my mum, who read it and pointed out all the reasons why she thinks it’s a scam … what do we do about it? Let WSU know or just leave it?”
In addition to questions of transparency, there have been significant concerns raised about the security measures WSU has taken. A hacker, who claimed responsibility for the breach, sent a mass email stating, “This is a glaring indication of the fundamental security weaknesses that still exist within WSU’s systems.” They further emphasized that “these vulnerabilities are easily exploited with just a few clicks, and anyone with a basic understanding of web development can access and manipulate sensitive information.”
WSU’s spokesperson stated, “As this is part of an ongoing police investigation, we are unable to provide further comment at this time.”
This incident has sparked discussions not only about the security protocols at Western Sydney University but about data privacy and the handling of personal records. The university community still hopes to hear more clear and reassuring signals from their officials as they continue to make their way through this unsettling situation.
