About 7500 staff and students have been caught up in a massive cyber attack at Western Sydney University.
Police are investigating the breach, which the university says dates as far back as May 2023, when an unauthorised party got into the Microsoft Office system and accessed email accounts and SharePoint files.
WSU says they have not received any threats to disclose the information if they do not pay a ransom fee.
A breach was first identified in January - which WSU says it quickly shut down - but a subsequent investigation found there had been a hack eight months earlier.
Along with their Office accounts, the university said its Solar Car Laboratory infrastructure had also been used in the breach.
WSU told affected individuals about the breach on Tuesday, with about 7500 people contacted by phone and email.
Interim vice-chancellor Clare Pollock said the university was committed to working through the issues with staff and students.
"On behalf of the university, I unreservedly apologise for this incident and its impact on our community," she said in a statement.
"It is deeply regrettable, and we are committed to transparently rectifying the matter and fulfilling our obligations."
The university has been granted an injunction at the NSW Supreme Court to stop the data that was the subject of the incident being used in any way.
The NSW Information and Privacy Commission has been involved in the investigation.
