Statement relating to the Western Sydney University email scam

 

The Privacy Commissioner is aware of recent media reports regarding a mass email scam at the University of Western Sydney earlier this week. 

The University of Western Sydney has advised the Commissioner, and the Commissioner is engaged with them about the incident. 

The NSW Mandatory Notification of Data Breach (MNDB) Scheme requires reporting obligations for NSW public sector agencies. This includes informing the Privacy Commissioner as well as taking steps to notify affected individuals as soon as practicable if a data breach is likely to result in serious harm to individuals whose personal information is involved.

The IPC does not comment on the details of individual matters. Investigations of incidents are undertaken independently by the agency involved with reporting obligations required under the MNDB Scheme.

Privacy Commissioner Sonia Minutillo said, ‘This incident is a further important reminder that agencies need to be vigilant and develop and implement strong and robust information management governance and security measures and practices across their operating environments.

‘Following a breach, agencies must also notify affected individuals as soon as practicable so that they can take steps to reduce their risk of further harm.’ 

Reports about this incident may be understandably distressing to those who may be affected. If a data breach causes distress, there are support and resources available. Anyone concerned for their safety should contact NSW Police.

 

ENDS

 

For further information, please contact:

The Manager, Communications and Corporate Affairs on 0435 961 691 or email communications@ipc.nsw.gov.au

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent integrity agency that supports the NSW Information Commissioner and the NSW Privacy Commissioner.  Its vision is that privacy and access to government information are valued and protected in NSW. The Information Commissioner is the chief executive of the Commission. 

About the NSW Privacy Commissioner

Ms Sonia Minutillo was appointed as the Privacy Commissioner in March 2025. As Privacy Commissioner, her role includes the promotion of public awareness and understanding of privacy rights in NSW, as well as providing information, support, advice and assistance to agencies and the public.

The Privacy Commissioner administers the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).

For further information about the IPC visit our website at www.ipc.nsw.gov.au

IPC Media Statement - Western Sydney University - 10 October 2025
Aboriginal and Torres Strait Islander Flags
We acknowledge Aboriginal and Torres Strait Islander peoples as custodians of Australia and pay our respects to Elders, past and present. We also acknowledge the ongoing connection to land, sea and communities throughout Australia, and the contributions to the lives of all Australians. 

IPC logo.

© IPC

CC logo

Navigate

Useful links

IPC Social Media

   Linkedin

 

IPC Social Media Terms of Use