A former Western Sydney University student has been arrested after allegedly conducting a four-year hacking campaign against the institution, starting with an attempt to secure discounted parking and escalating to threats of selling student data on the dark web.
The 27-year-old woman, a former electrical engineering student, was arrested on Wednesday and charged with 20 offences, including accessing or modifying restricted data, dishonestly obtaining financial advantage, and unauthorised data modification with intent to cause impairment. Police seized over 100 gigabytes of data, computers, servers, and mobile devices from her unit in Kingswood, Sydney.
Police allege the woman initially exploited the university's parking system for cheaper rates but later altered her academic results and, from November 2024, demanded $40,000 in cryptocurrency to prevent the release of sensitive staff and student information. Detective Acting Superintendent Jason Smith cited unresolved grievances as a driving factor.
Western Sydney University confirmed the attacks had a significant impact, prompting upgrades including specialist staff and new technologies to detect and defend against threats. Cybersecurity expert Ryan Ko from the University of Queensland noted that universities are often more vulnerable due to complex roles like postgraduate students who are also staff.
The woman was remanded in custody and is scheduled to appear at Parramatta Court on Friday. Police estimate hundreds of staff and students were affected by the breaches, which date back to 2021.
