University of Western Australia confirms data breach, mass password reset underway

The University of Western Australia has confirmed a cybersecurity incident involving unauthorised access to password information, prompting a system lockout for staff and students and a compulsory reset of credentials.

Chief information officer Fiona Bishop said a critical incident team was activated on Saturday night, and “countermeasures” were deployed as IT and digital teams worked through the weekend to secure accounts. “We locked and reset all students’, staff and visitor passwords,” she said, adding that recovery and investigation efforts are ongoing.

UWA said there is no evidence at this stage that any data beyond passwords was accessed. The university has not received any communication from those responsible, and there is no indication the breach involved ransomware.

Services are being restored in phases. Staff and students have been granted a three day extension on assessments to minimise disruption. Teaching is expected to continue as planned while support teams assist users with password resets over the next several days.

Bishop described the forensic process as “following footprints in the sand,” noting that universities hold valuable information and are an increasingly attractive target. The institution will continue strengthening its cybersecurity controls.

What affected users should do

• Change university passwords immediately and avoid reusing them on other services.

• Enable multi factor authentication where available.

• Be alert for phishing emails that reference the incident, and report suspicious messages to IT.

UWA said it will provide further updates as the investigation progresses.

Photo Credit: DepositPhotos.com