Cyber Intruders Infiltrate Western Sydney Uni: Isilon Storage Affected for Eight Months
We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!
“`html
Data Compromise at Western Sydney University: Isilon Storage Affected
Quick Overview
- Western Sydney University faced a breach lasting more than eight months.
- Intruders gained access to 83 out of the 400 Isilon storage directories.
- A total of 580TB of data was compromised, including personal and confidential information.
- The breach originated from an initial attack on the Microsoft 365 platform.
- Investigations are actively being conducted by federal and state bodies.
Western Sydney University has disclosed a substantial data compromise that persisted for over eight months, impacting 580TB of data within its Isilon storage framework. The incident led to the exposure of personally identifiable and sensitive details from 83 of the 400 directories contained in the Isilon system.
Insights into the Breach
Isilon, a network-attached storage solution originally created by a company bearing the same name and later taken over by EMC (currently a part of Dell), was the core target. The breached storage included My Documents entries, departmental shared directories, and various forms of backup and archived files.
The university indicated that students and staff utilize centralized network storage to access their personal My Documents, which includes desktop content, downloads, favorites, and internet browsing history. This allows for an individual’s My Documents to be retrievable on any computer connected to the Western network.
Chronology and Extent of the Breach
Investigative findings suggest that unauthorized entry into the Isilon storage took place from July 9, 2023, until March 16, 2024. The preliminary analysis uncovered that sensitive data such as names, contact information, birth dates, health data, workplace behavior data, and financial information had been accessed.
Fortunately, since remediation efforts began on March 16, the university has not observed any additional unauthorized access. Furthermore, there have been no threats regarding the disclosing or publishing of the compromised data, nor has any information surfaced on the dark web.
Initial Breach and Ongoing Investigations
The security vulnerabilities at Western Sydney University trace back to an initial breach of its Microsoft 365 environment in May of the previous year. While there is no evidence of intruder access beyond the Microsoft Office 365 and Isilon environments, the specifics regarding how lateral movement transpired have not been made public.
Authorities at both federal and state levels, including the Cybercrime Squad of the NSW Police Force operating under Strike Force GIRRAKOOL, are currently investigating the matter.
University’s Reaction and Alerts
Western Sydney University has pledged to inform all individuals affected by the Isilon breach. However, it has noted that it may not be feasible to identify every individual impacted.
The university stated that the attackers gained access to “83 of the 400 directories in Isilon,” along with a cache of personally identifiable and sensitive information.
Conclusion
The data compromise at Western Sydney University underscores the essential necessity for robust cybersecurity practices. The extended breach of the Isilon storage system has exposed significant volumes of personal and confidential information, highlighting the urgency for heightened vigilance and advanced security measures. The university is collaborating with authorities to investigate and alleviate the situation, ensuring that similar incidents are prevented in the future.
FAQ: Essential Questions Addressed
Q: What type of data was compromised during the breach?
A:
The breach revealed personally identifiable information, including names, contact details, birth dates, health-related information, workplace behavior data, government identification numbers, tax file IDs, superannuation information, and bank account details.
Q: How long did the intruders have access to the Isilon storage?
A:
Intruders had unauthorized access to the Isilon storage system for a duration exceeding eight months, from July 9, 2023, to March 16, 2024.
Q: What measures has the university taken since the breach was identified?
A:
Following the detection of the breach, the university implemented remediation measures on March 16, and no further unauthorized access has since been recorded. They are also making efforts to notify all affected individuals and are cooperating with authorities for a comprehensive investigation.
Q: Has any of the compromised data been leaked or threatened with release?
A:
To date, there have been no threats to disclose or publish the compromised data, nor has any of the information appeared on the dark web.
Q: What was the initial cause of the data breach?
A:
The data breach originates from an initial compromise within the university’s Microsoft 365 environment in May of the previous year.
Q: Which storage system was the target of the breach?
A:
The compromised system was Isilon, a network-attached storage solution originally developed by Isilon Systems, later acquired by EMC and now part of Dell.
Q: Are any investigations still in progress?
A:
Yes, both federal and state authorities, including the Cybercrime Squad of the NSW Police Force, are conducting an inquiry under Strike Force GIRRAKOOL.
“`
