Share and Follow
An Australian university has apologised after reports that some students received emails falsely claiming they had been removed from their courses or had their qualifications revoked.
Current and former students of Western Sydney University (WSU) have posted about the emails on social media this week, with some saying their decades-old degrees had supposedly been revoked.
Other students said they’ve felt “super stressed” by the incident and will be contacting the university for support.
The university said it “sincerely apologised” for concerns caused.
“Western Sydney University is aware of fraudulent emails sent to students and graduates, with some falsely claiming that they have been excluded from the University or that their qualifications have been revoked,” a WSU spokesperson said in a statement to SBS.
“These emails are not legitimate and were not issued by the University.”
A second apparent hacking
After the initial flurry of emails sent by a fake address, a second alleged hack took place on Monday night, when a mass email was sent to the WSU community.
This mass email, which came from the university’s parking permits account, appears to have been sent by a hacker claiming they exploited the university’s cybersecurity.
“This is a glaring indication of the fundamental security weaknesses that still exist within WSU’s systems,” the email reads.
“What’s more concerning is that these vulnerabilities are easily exploited with just a few clicks, and anyone with a basic understanding of web development can access and manipulate sensitive information.”
The email claims that WSU has known about the “weakness” in its cybersecurity since 2017, but has “neglected to take meaningful action”.
The WSU spokesperson said the university reported the incident to NSW Police.
“As this is part of an ongoing police investigation, we are unable to provide further comment at this time.”
One user on Reddit, claiming to have been impacted by the breach, said they had received their degree over a decade ago.
“I received the same email even though I graduated 15 years ago. I guess they don’t purge personal records after 7 years.”
Another recipient of the email wrote online about their uncertainty.
“I just had a full-on panic attack and woke up my mum, who read it and pointed out all the reasons why she thinks it’s a scam … what do we do about it? Let WSU know or just leave it?”
