Overview
- Attackers accessed an online code repository and downloaded legacy datasets containing personal information for staff, alumni, students, and a small number of supporters.
- The university’s latest estimate cites exposure for roughly 10,000 current staff and affiliates, about 12,500 former staff and affiliates, around 5,000 students and alumni, and six supporters, though earlier reporting put the total near 13,000.
- Officials say the intrusion was limited to a single platform, the environment has been secured, and the identified datasets have been removed from the repository.
- Personalized notifications began on December 18 and are expected to continue into January 2026, with a dedicated support service and an updated FAQ available to those affected.
- The university reports no evidence that the data has been published or misused and has notified the NSW Privacy Commissioner, the Australian Cyber Security Centre, and education regulators while the investigation continues.