Western Sydney University has been hit by a major scam after mass emails were sent to students and alumni, including some claiming that degrees for some had been revoked.
Two different emails appear to have been sent from accounts where students and alumni were told that their degrees were “revoked”.
“We regret to inform you that, following a thorough review, the decision has been made to permanently exclude you from any further study at Western Sydney University. As a result, any existing certificates or awards previously issued to you are hereby revoked,” one email sent to students and seen by 9news.com.au said.
Western Sydney University has campuses across Sydney. (iStock)
“Please be advised that, pursuant to university policy, the decision of the Board of Trustees is final and binding.”
Students who received this email were told their enrolments in all units would be immediately cancelled, and their access to any student systems would be revoked.
Some impacted individuals said they received emails despite already officially graduating or having not completed their studies at the university.
Students at the university also received an email from an apparent official address called “Parking Permits”, which outlined an alleged breach by a student who was able to exploit vulnerabilities to create a false parking permit and access the email address.
“This is a glaring indication of the fundamental security weaknesses that still exist within WSU’s systems,” the email, a screenshot of which was posted online, claimed.
It is not known how many people received the emails, and whether other personal data is at risk or has been accessed in the breach.
Excerpts of the emails received by some students alleging their degrees or ability to study at the university had been revoked. (Supplied)
The university told 9news.com.au it was aware of the “fraudulent” emails.
“Western Sydney University is aware of fraudulent emails sent to students and graduates, with some falsely claiming that they have been excluded from the University or that their qualifications have been revoked,” a spokesperson from Western Sydney University said.
“These emails are not legitimate and were not issued by the university. We are reaching out to inform people that the email is fraudulent and have informed NSW Police.
“We sincerely apologise for any concern this may have caused.”
The university said it couldn’t give any further comment due to the incident being part of an ongoing police investigation.
9news.com.au has contacted NSW Police for comment.
Western Sydney University was involved in another data breach earlier this year, when the personal data of around 10,000 students ended up on the dark web.A former student was charged over the attack and fronted court in August.