Scribd
Upload
12 views2 pages

Ethics Case Study

In January 2025, Western Sydney University experienced a data breach involving unauthorized access to confidential student data affecting over 10,000 individuals. The breach went undetected for weeks, and a similar incident had occurred five months prior due to unpatched vulnerabilities and lack of security audits. The university's delayed response and lack of transparency led to significant damage to its reputation and student trust, prompting the involvement of a third-party cybersecurity firm and law enforcement.

Uploaded by

rodolfospc09
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
12 views2 pages

Ethics Case Study

In January 2025, Western Sydney University experienced a data breach involving unauthorized access to confidential student data affecting over 10,000 individuals. The breach went undetected for weeks, and a similar incident had occurred five months prior due to unpatched vulnerabilities and lack of security audits. The university's delayed response and lack of transparency led to significant damage to its reputation and student trust, prompting the involvement of a third-party cybersecurity firm and law enforcement.

Uploaded by

rodolfospc09
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
You are on page 1/ 2

Mr.

Ortiz IT systems and Applications 1

Case Study 3: Western Sydney University Data Breach


In January 2025, Western Sydney University began experiencing unusual activity in its
internal single sign-on (SSO) authentication system. For several weeks, no one noticed that
unauthorized actors were logging into administrative accounts and accessing confidential student
data. By late February, the breach had escalated to include names, student ID numbers, academic
records, and even personal contact information of more than 10,000 students—both current and
former.

In March, cybersecurity researchers discovered that this stolen data had been posted on
the dark web, with files available for download by anyone. To make matters worse, the
investigation revealed that a similar breach had occurred five months earlier but went undetected.

The IT department had failed to patch known vulnerabilities, and security audits had not
been conducted in over a year. Students were not notified until weeks after the breach was
confirmed, and many expressed outrages over the delayed response and lack of transparency.

The university has since brought in a third-party cybersecurity firm and is

cooperating with law enforcement, but its public reputation and student trust have taken a

massive hit. Discussion Questions

1. What ethical principles were violated in the university’s handling of this breach?
There was no information to the students when this was happening as the school was
unaware, the students did not consent to have data leaked.
2. How should the university have communicated with students during and after the
incident?
The university should’ve been clear and let the students know exactly what’s happening
3. If you were a student affected, how would this breach impact your view of the university?
I would be severely angry at the staff for their gross negligence and trust them way less.
4. What technical or organizational failures contributed to this security lapse?
The IT department didn’t do a security audit in over a year and they failed to patch
vulnerabilities
5. In terms of future prevention, what policies or tools would you implement?

VPNs and cyber security programs to ensure virtual safety for the school, staff and
students.

Submission
Answer the questions in MS Word and send them through Schoology as an attachment.

*NO PICTURES ‐ * NO PAPER ‐ *NO FILE SHARING

You might also like