The University of Sydney has alerted its community to a significant cybersecurity breach involving the unauthorized access of a code library.
The incident, confirmed by university officials on December 18, 2025, has exposed the personal information of thousands of current and former staff members, as well as a smaller group of students and alumni.
University officials detected suspicious activity last week within an online IT code library used for software development and storage.
While the platform was primarily intended for code, it inadvertently contained historical data files. Upon discovery, the university took immediate action to block the unauthorized access and secure the environment.
Vice-President (Operations) Nicole Gower issued a message apologizing for the distress caused by the breach.
“While the data has been accessed and downloaded, there is currently no evidence it has been used or published,” Gower stated.
What Data Was Exposed?
The breach targets explicitly historical data sets. The investigation indicates that the compromised files include:
- Current Staff: Personal details of approximately 10,000 staff members and affiliates employed as of September 4, 2018.
- Former Staff: Information regarding 12,500 former employees affiliated as of the same 2018 date.
- Students and Alumni: Historical data from 2010–2019 affecting roughly 5,000 students and alums.
The exposed information includes sensitive personal details, such as names, dates of birth, phone numbers, home addresses, and basic employment information, such as job titles.
The University of Sydney has notified relevant government bodies, including the NSW Privacy Commissioner and the Australian Cyber Security Centre. The specific datasets identified in the breach have been purged from the code library.
The university has begun notifying impacted individuals directly. Due to the complexity of the file reviews, this notification process is expected to continue through January 2026.
The university urges all staff and students to remain vigilant. Recommended precautions include monitoring personal and financial accounts for suspicious activity, changing passwords, and being alert to phishing attempts.
Support services, including ID Support NSW and counseling partners, have been made available to those affected.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.