A former Western Sydney University student has been arrested and charged with allegedly hacking the institution over several years after initially seeking to exploit systems to get discounted parking.

The 27-year-old woman was arrested at a property in the Western Sydney suburb of Kingswood on Wednesday, where she was charged with 20 offences including accessing and modifying restricted data and dishonestly obtaining financial advantage by deception.

NSW Police said officers found computer equipment and several mobile devices inside the premises.

The woman, which local media named as Birdie Kingston, was refused bail and was set to appear in Parramatta Local Court on Thursday.

From parking fees to the dark web

Western Sydney University announced in April the information of approximately 10,000 current and former students had been “subject to unauthorised access”, but the university had also experienced “data exfiltration, system compromise, and misuse of university infrastructure” since 2021, police said on Thursday.

Law enforcement say they will now allege in court that Kingston initially accessed the university’s systems to obtain discounted on-campus parking without authorisation, and eventually threatened to sell confidential information about students on the dark web.

Hundreds of university staff and students were believed to have been affected across several incidents, police said.

It was unclear if authorities were on the trail of any other individuals allegedly involved in the cyber breaches, but police said investigations would continue.


NSW Police says computers and mobile devices were found in the premises when the former student was arrested. Image: NSW Police / Supplied

Cyber incidents had ‘significant impact’ on university community

A Western Sydney University spokesperson told Information Age the organisation had assisted in police investigations.

"These cyber incidents have had a significant impact on the university community and we are thankful for the support of NSW Police," they said.

"As this matter is now before the court, the university cannot provide further comment."

The spokesperson said the university had "invested in a significant program" to increase its cybersecurity capabilites.

"This includes employing specialist staff and implementing new technologies that enhance our ability to detect, respond to, and defend against threats to our digital environment," they said.

Western Sydney University reported at least three major cybersecurity incidents in 2024, including breaches of an IT account, the university’s Microsoft Office 365 environment, and a third-party storage platform.

In July 2024 the institution told staff and students that around 580 terabytes of data had been accessed without authorisation during the hack of its storage platform Isilon.

Reviews of the data found it included information such as names, contact details, bank account and superannuation information, government identification documents, and “sensitive information relating to workplace conduct and health and safety matters”.

The University of Sydney also reported a cybersecurity incident earlier this year, when an alleged hacker claimed to have compromised the organisation’s technology systems.

The university said none of its data had been impacted by the incident, which involved third-party contractor management software.