Western Sydney University has been hit by a major cybersecurity breach after mass emails were sent to students and alumni, including some claiming that degrees for some had been revoked.

Reports surfaced on Monday of two different emails being sent from accounts seeming to have an affiliation with the university, including one from an email address called no-email@westernsydney.edu.au, where students and alumni were told that their degrees were “revoked”.

Some impacted individuals said they received emails despite already officially graduating or having not completed their studies at the university.

Students at the university also received an email from an apparent official address called “Parking Permits”, which outlined an alleged breach by a student who was able to exploit vulnerabilities to create a false parking permit and access the email address.

“This is a glaring indication of the fundamental security weaknesses that still exist within WSU’s systems,” the email, a screenshot of which was posted online, claimed.

It is not known how many people received the emails, and whether other personal data is at risk or has been accessed in the alleged breach.

The university told 9news.com.au it was aware of the “fraudulent” emails.

“Western Sydney University is aware of fraudulent emails sent to students and graduates, with some falsely claiming that they have been excluded from the University or that their qualifications have been revoked,” a spokesperson from Western Sydney University said.

“These emails are not legitimate and were not issued by the university. We are reaching out to inform people that the email is fraudulent and have informed NSW Police.

“We sincerely apologise for any concern this may have caused.”

The university said it couldn’t give any further comment due to the incident being part of an ongoing police investigation.

9news.com.au has contacted NSW Police for comment.