Western Sydney University (WSU) has suffered a major cyber breach, with hackers accessing and stealing a vast range of sensitive student information, including tax file numbers, passport details, payroll figures, and private health and disability records. The attack occurred between June 19 and September 3, 2025, and the university has revealed that the unauthorised access was obtained through a third-party provider’s cloud-based platform.
The compromised data includes names, dates of birth, ethnicity, employment and payroll details, bank account information, tax file numbers, driver’s license and passport/visa details, as well as complaint and case information, and health, disability, and legal data. WSU has apologised for the impact on its community and is working closely with the NSW Police Force Cybercrime Squad’s Strike Force Docker to address the incident and strengthen its cybersecurity measures.
This latest cyber attack follows the arrest of a former WSU student, Birdie Kingston, in June 2025 for a series of cyber attacks on the university from 2021 onward. While the police have not stated that Kingston’s alleged crimes are connected to the current breach, the university has acknowledged that attempts to gain unauthorised access to its systems have continued, even after the previous incident. WSU is urging all affected students, staff, and alumni to take the recommended actions and utilise the support services available.