iTnews
  • Home
  • News
  • Technology
  • Security

Western Sydney Uni attackers accessed Isilon storage directories over eight months

By Ry Crozier
Jul 31 2024 11:20AM

Personal and sensitive data in scope of breach.

Western Sydney University has revealed that attackers had access to its Isilon storage infrastructure and 580TB of data for over eight months.

Western Sydney Uni attackers accessed Isilon storage directories over eight months

The university said that the attackers accessed “83 of the 400 directories in Isilon” and with that, a trove of personally identifiable and sensitive information.

Isilon is a network-attached storage system that was once made by a company of the same name, before being bought by EMC, which in turn was bought by Dell.

The university said the Isilon storage infrastructure “holds My Documents information, departmental shared folders, and some backup and archived data.”

"Students and staff have access to their own My Documents, which includes My Documents, Desktop data, downloads, favourites and web history etc," it said in an FAQ.

"The My Documents folders are located on our centralised network storage, which means an individual can access their My Documents on any computer within the Western network."

Investigations so far show that unauthorised access to Isilon "occurred between July 9 2023 and March 16 2024".

“Our initial review of Isilon has found personally identifiable information (PII) was accessed, including names, contact details, dates of birth, health information, sensitive information relating to workplace conduct and health and safety matters, government identification documents, tax file numbers, superannuation details and bank account information," the university said.

“The university has not detected any further unauthorised access to Isilon since remediation work took place on March 16.”

It added that it had received no threats to disclose or publish the data and had not seen it leaked onto the dark web.

The university’s security problems stem from an initial breach of its Microsoft 365 environment in May last year.

It said there is “no evidence” of attacker access beyond the “Microsoft Office 365 and Isilon environments" but did not explain how lateral movement occurred.

A number of federal and state authorities are involved in investigations, with NSW Police Force’s Cybercrime Squad conducting an investigation under Strike Force GIRRAKOOL.

The university said it would “endeavour” to notify all individuals impacted by the Isilon breach but said it may not be able to identify everyone.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cybersecurityisilonsecuritystoragewestern sydney university

Related Articles

  • Nine's web app protection blocked 96m bad requests in 2024 Olympics Nine's web app protection blocked 96m bad requests in 2024 Olympics
  • James Cook University accelerates digital roadmap and cyber uplift James Cook University accelerates digital roadmap and cyber uplift
  • US proposes requiring reporting for advanced AI, cloud providers US proposes requiring reporting for advanced AI, cloud providers
  • German intelligence says Russian GRU group behind NATO, EU cyberattacks German intelligence says Russian GRU group behind NATO, EU cyberattacks

Partner Content

Securing Modern Enterprise: IT Leaders Address Third-Party Risk Management
Partner Content Securing Modern Enterprise: IT Leaders Address Third-Party Risk Management
Kyocera hub
Kyocera hub
Why a speedy response is critical for hardware maintenance
Partner Content Why a speedy response is critical for hardware maintenance
Cost-Effective Maintenance for Aging IT Equipment: How Interactive Keeps Systems Running Smoothly
Partner Content Cost-Effective Maintenance for Aging IT Equipment: How Interactive Keeps Systems Running Smoothly

Sponsored Whitepapers

Redefining Vulnerability Management
Redefining Vulnerability Management
How JLL gained visibility into nearly 100K endpoints with Tanium
How JLL gained visibility into nearly 100K endpoints with Tanium
Why a holistic approach to managing risk is key to solving complex IT problems
Why a holistic approach to managing risk is key to solving complex IT problems
High Availability: The Foundation of Digital Transformation
High Availability: The Foundation of Digital Transformation
Nine Ways To Prepare Your Database for a High-Traffic Event
Nine Ways To Prepare Your Database for a High-Traffic Event
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

BoM's seven-year technology transformation cost $866m

BoM's seven-year technology transformation cost $866m
Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach
ANZ joins NAB and CBA on ConnectID

ANZ joins NAB and CBA on ConnectID
James Cook University accelerates digital roadmap and cyber uplift

James Cook University accelerates digital roadmap and cyber uplift

Digital Nation

Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
State of Security 2023
State of Security 2023
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.