Security Report – 31 Oct 2025

Exploit: Hacking

Risk to Business: Severe: Western Sydney University has confirmed a major cyberattack that stole sensitive student data, including tax file numbers, passport details and private health and disability information. On October 23, the university revealed that the breach occurred through its student management system, which is hosted by a third-party provider on a cloud-based platform. Its investigation found that a daisy chain of suppliers had been exploited during the breach, starting at an additional external system, which itself was linked to the third-party cloud platform. The breach of the third- and fourth-party systems allowed hackers to access and exfiltrate data from the student management system. The stolen information includes names, dates of birth, ethnicity, employment and payroll details, bank account numbers, tax file and driver’s license numbers, passport and visa information, and even complaint, health, disability and legal records — making it one of the most severe education-sector breaches in recent months.

North America – Gmail – Technology

Exploit: Hacking

Risk to Business: Moderate: A massive email breach has been uncovered, reportedly compromising more than 183 million email accounts, including millions of Gmail users. Data breach notification service Have I Been Pwned revealed that the stolen emails and passwords were collected through infostealer malware. The breach, which occurred in April, saw cybercriminals quietly gather login details over time. The discovery has raised serious concerns across the tech industry about personal data security and the growing threat of infostealers that harvest sensitive information undetected for sale on the dark web.

Talk to a TCT team member today about implementing IT strategy plan for your business.