Ex-student charged over hacking university for cheap parking, data breaches

New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University’s systems on multiple occasions, starting with a scheme to obtain cheaper parking.

Specifically, the woman, identified by local media reports as Birdie Kingston, is accused of unauthorized access, data theft, and compromising university infrastructure since 2021, affecting hundreds of staff and students.

“Since 2021, Western Sydney University experienced a series of cyber hacks involving unauthorized access, data exfiltration, system compromise, and misuse of university infrastructure – including threatening the sale of student information on the dark web,” reads the NSW Police press release.

“It is estimated that hundreds of university staff and students were affected by these incidents.”

WSU is a major educational institute in Australia offering a wide range of undergraduate, postgraduate, and research programs to 47,000 students. It employs over 4,500 regular and seasonal staff members and operates on a budget of $600 million (USD).

The educational institute disclosed multiple security breaches since last year. In May 2024, it confirmed unauthorized access to its Microsoft Office 365 environment that had started in May 2023, exposing 7,500 individuals.

In April 2025, WSU announced that it had suffered two more security incidents. The first incident involved the compromise of one of the University’s single sign-on (SSO) systems between January and February 2025, exposing approximately 10,000 students.

The second incident involved the leak of stolen data belonging to members of the WSU community on the dark web, which began on November 1, 2024.

The NSW police suspect that Kingston is behind those incidents and others, charging her with 20 offenses.

During the raid and arrest at her residence in Kingswood, police investigators found and seized computer equipment and mobile devices that may contain incriminating evidence.

Her actions allegedly escalated from manipulating parking access and academic records to threatening the sale of student data on the dark web.

Australian media claim that the police officially warned Kingston in September 2023, when she lived on the WSU campus, but she reportedly wasn’t deterred and continued her hacking activities against the University.

Based on the same reports, the hacker stole over 100GB of confidential data from WSU systems over the years, altered academic results, secured discounted parking at the University, threatened to sell stolen student data on darknet forums, and demanded a ransom payment in cryptocurrency worth $40,000.

BleepingComputer has contacted WSU for a comment on the hacker’s arrest, but we have not received a response yet.

H/T Sick Codes