Expulsion Claims
Mass amounts of Western Sydney University students, alumni and staff have received emails informing them of expulsion, program revocation and a request to return any prizes or scholarship money. The University has claimed these are fraudulent and should be reported. A second email fraudulently sent from the University’s Parking Compliance team has also impacted students and alumni.
A university alum shared a screenshot of the email on Reddit’s UWS subreddit late on Monday 6th October
The email appears to be from a do not reply address titled: [WSU] Enrollment and Awards Revoked.
The email read:
We regret to inform you that, following a thorough review, the decision has been made to permanently exclude you from any further study at Western Sydney University. As a result, any existing certificates or awards previously issued to you are hereby revoked.
Emails contain many correct details, such as student numbers, and names however this is a result of a data breach and should not be considered an indication of credibility.
Reactions
Many current students and alumni shared a sense of shock and fear. Social media users reacted to the breach using phrases such as ‘mini heart-attack’, ‘terrified’, and ‘panicked’.
One comment read:
‘This university has a bit of a track record with mass emails[.] at this point, though this just might be the most spectacular clerical error I have ever seen.’
Current Western student Jenaya Simpson told W’SUP News she was working on an assessment when her friend messaged about a university email:
‘A couple minutes later, I got an email from a do-not-reply account saying that I was going to be permanently excluded from the University…’
She continued,
‘As someone who has completed my bachelor’s and is almost finished my master’s, I was so close to having a breakdown over it. I was so scared because it did look official’.
Screenshot of the fraudulent expulsion email plaguing Western Students. Supplied by Jenaya Simpson, 2025.
While scams are on Simpson’s radar, she felt panicked in the moment after four years of hard work.
‘Two other friends got the same or similar email’, she added. Comparing the emails allowed her to break out of the spiral and recognise the email’s fraudulent material.
‘…There’s been so many issues that I wasn’t surprised to hear about the breach’, she admitted. ‘It’s just the first time it’s immediately affected me’.
A second email, signed off from the Parking Compliance team, although appeared to be single authored, claimed the
A second email, titled ‘Urgent: WSU’s Ongoing Security Flaws and Lack of Action’ was sent to students from 9:30 PM 6th October 2025. The second email, sent from the University’s Parking Permits inbox, claims the university had “once again fallen victim to a security breach”.
The email detailed alleged cyber-criminal and former Western student Birdie Kingston’s charges in relation to her exploiting the university’s parking permit system. The email alleges Kingston used Inspect Element, a browser tool, to receive free parking. The email states:
‘This is a glaring indication of the fundamental security weaknesses that still exist within WSU’s systems. What’s more concerning is that these vulnerabilities are easily exploited with just a few clicks, and anyone with a basic understanding of web development can access ands manipulate sensitive information’.
The email also alleges the University was informed of cyber issues in 2017 but failed to act.
The email states:
‘So, the problem remains: Has WSU done anything to secure their systems since then? Based on the fact that this email was sent using the very same vulnerability in their website, the answer appears to be a resounding no’.
It also alleges that private information submitted through the University’s eForms system was hacked and stolen in August 2025:
‘Even more alarming is the fact that WSU has not disclosed this breach to students, leaving many unaware that their personal data may have been compromised. This lack of transparency is deeply troubling and further underscores the university’s disregard for student privacy and accountability’.
Both emails are not attributed to an individual, and the University has not commented on who may be responsible.
University Response
Academics took action before the University’s official statement was released on the 7th October 2025.
At 11:37 PM 6th October Dr Nathan Berger from the School of education sent out an email addressing concerns, confirming the falsehood of these emails:
‘Please remain calm while we await an official response and instructions from the University’.
Dr Catherine Renshaw, Dean of the School of Law, apologised to distressed law students via email:
‘I am aware that many students have received a malicious email sent to students’ personal email addresses. These emails have been reported to the Vice-Chancellor and to the University’s cyber-security team. I am very sorry for the distress these emails have caused’.
Early the morning of the 7th October, University Vice Chancellor and President George Williams emailed students to clarify the fraudulent emails:
‘We are actively investigating this matter and taking steps to contain and address the issue. NSW Police are also investigating the matter… We sincerely apologise for any concern that these emails may have caused. Thank you for your patience and understanding as we work to address this matter’.
A Western Sydney University spokesperson told W’SUP News:
‘Western Sydney University is aware of fraudulent emails sent to students and graduates, with some falsely claiming that they have been excluded from the University or that their qualifications have been revoked. These emails are not legitimate and were not issued by the University. We are reaching out to inform people that the email is fraudulent and have informed NSW Police. As this is part of an ongoing police investigation, we are unable to provide further comment at this time. We sincerely apologise for any concern this may have caused’.
Advice
Do not panic if you received these emails. The University has advised students to not reply to the emails and refrain from clicking on any links they may contain. Remain up to date with the University’s advice here.
