9th September 2025 Cyber Update: Western Sydney University's $53M Cyber Attack Aftermath

Western Sydney University reveals a staggering $53 million cost to manage a series of cyber attacks allegedly carried out by a former student. The breach exposed the data of 10,000 students, including passports, visas, and financial details, prompting a major response and police action.


Cyber News Centre's cyber update for 9th September 2025: Western Sydney University has revealed that a four-year cyber attack campaign allegedly carried out by a former student has cost the institution $53 million in remediation efforts, with the breach exposing sensitive data belonging to over 10,000 individuals including tax file numbers, passport details, and financial information.

Western Sydney University's $53M Cyber Attack Aftermath

Western Sydney University is a major Australian university with campuses across the Greater Western Sydney region. It provides undergraduate, postgraduate, and higher research degrees to a large and diverse student body.

The Update and Why It Matters

The Update: Western Sydney University's Vice-Chancellor Professor George Williams revealed at a recent Senate inquiry that contractor costs for managing a series of cyber incidents have reached $53 million, with $36 million spent in 2024 and a further $17 million in 2025. The attacks, allegedly carried out by former electrical engineering student Birdie Kingston over a four-year period from 2021 to 2025, compromised data belonging to over 10,000 individuals across multiple separate incidents. The compromised information includes names, dates of birth, contact details, student IDs, tax file numbers, passport numbers, driver's licenses, visa details, bank account information, health records, and employee salary information.

“Our university has been relentlessly targeted in a string of attacks on our network. This has taken a considerable toll on our community, and for that, I am deeply sorry,” vice-chancellor and president, distinguished professor George Williams AO said in a 28 August statement.

Kingston, 27, was arrested in June 2025 and faces 21 charges including 10 counts of accessing or modifying computer data. The university confirmed that over 100GB of data was stolen and offered for sale on the dark web, with Kingston allegedly demanding $40,000 in cryptocurrency ransom, which the university refused to pay. The university has implemented enhanced security measures including multi-factor authentication, 24/7 monitoring, and additional firewall protection while working with multiple government agencies including NSW Police, AFP, and the Australian Cyber Security Centre.

Why it Matters: This case represents one of Australia's most significant and prolonged insider threat incidents, demonstrating how a single individual with legitimate access can cause catastrophic damage over an extended period. The four-year timeline shows how insider threats can evolve from minor infractions (parking system manipulation) to major data breaches and extortion attempts. The $53 million cost underscores the true financial impact of cyber incidents, extending far beyond immediate remediation to include long-term security upgrades, legal proceedings, regulatory compliance, and reputational damage. For educational institutions and large organisations, this serves as a critical case study in the importance of continuous monitoring, access controls, and early intervention when suspicious activities are detected. The fact that Kingston continued her activities even after a police warning in 2023 highlights the persistent nature of insider threats and the need for robust deterrent measures.

Timeline of Events

2021: The Beginning - Birdie Kingston, then a student at Western Sydney University studying electrical engineering, begins her hacking activities with what appears to be a relatively minor goal: manipulating the university's parking system to obtain cheaper parking fees. This initial breach establishes her access methods and familiarity with university systems.

2023: Escalation and Warning - Kingston's activities escalate significantly as she begins altering academic grades and threatening to leak sensitive information online. In September 2023, NSW Police officially warn Kingston while she is living on the WSU campus. Despite this official warning, Kingston is not deterred and continues her hacking activities against the university, demonstrating the persistent nature of insider threats even when detected. 

2024: Major Breaches Begin

May 21, 2024: Western Sydney University announces a cyber incident affecting its Microsoft Office 365 environment. Investigation later reveals this incident actually began in May 2023 and affected approximately 7,500 individuals. 

July 31, 2024: The university issues a public notification about a separate breach affecting its storage platform (Isilon), including the My Documents system. 

August 14, 2024: The most significant breach begins when the perpetrator gains unauthorised access to the Student Management System and Data Warehouse, marking the start of the incident that would ultimately expose the largest amount of personal data. 

August 27, 2024: University security teams detect the unauthorised access and begin immediate response procedures. 

August 31, 2024: The unauthorised access is successfully contained, though the damage has already been done with significant amounts of data compromised. 

October 1, 2024: The university's investigation confirms that personal information was accessed during the August incident. 

October 31, 2024: Western Sydney University issues a comprehensive public notification about the August breach, detailing the scope of compromised data. 

November 1, 2024: A dark web post appears containing a sample dataset of stolen university data, with mentions of a larger dataset available for purchase. This post remains accessible due to the nature of dark web forums, which cannot be subject to takedown notices. 

2025: Continued Attacks and Resolution

January-February 2025: Kingston compromises the university's single sign-on (SSO) system, affecting approximately 10,000 students in a separate incident from the previous year's breaches. 

February 8, 2025: The university becomes aware of potential unauthorised access to its systems. 

April 10, 2025: Western Sydney University announces two additional security incidents, adding to the series of separate breaches across the timeline.

April 15, 2025: The university provides a detailed cyber incident update to its community. 

June 4-8, 2025: Stolen data is published on file-sharing sites, with two open web posts and one dark web post linking to three file-sharing platforms hosting downloadable datasets. The university's cyber monitoring team detects the posts within eight hours and successfully issues takedown notices to the open web platforms. 

June 8, 2025: Takedown notices are successful, and datasets are removed from open web file-sharing sites. 

June 20, 2025: The third dataset is no longer accessible.

June 2025: NSW Police arrest Birdie Kingston in connection with the cyber attacks. She is granted bail under strict conditions: no internet access, no smart devices, and only permitted to use an analogue phone. 

August 28, 2025: Western Sydney University issues a comprehensive public notification confirming that previously stolen personal information was published online, including on the dark web, in defiance of NSW Supreme Court interim injunction orders. 

September 8, 2025: Vice-Chancellor Professor George Williams reveals the full financial impact at a Senate inquiry into higher education governance, disclosing that contractor costs have reached $53 million. 

