19.12.2025
2 min
433
The University of Sydney has disclosed a data breach after hackers gained unauthorized access to an internal online code repository, exposing personal information of more than 27,000 students, alumni, and staff members.
According to the university, attackers accessed an online IT code library used primarily for software development and code storage. However, the repository also contained historical files with personal data that should not have been stored in that environment.
The suspicious activity was detected last week, prompting the university to immediately block unauthorized access. Authorities, including the New South Wales Privacy Commissioner, the Australian Cyber Security Centre, and education regulators, were notified of the incident.
The breach affected data belonging to over 27,000 individuals, including approximately 10,000 current staff and affiliates as of September 2018, 12,500 former staff and affiliates, and around 5,000 students and alumni from datasets dated between 2010 and 2019.
The compromised data includes names, dates of birth, phone numbers, home addresses, and employment details. While the university confirmed that the data was accessed and downloaded, it stated that there is currently no evidence of the information being published or misused.
The University of Sydney breach highlights the ongoing risks associated with storing sensitive personal data in development environments. Even secondary systems such as code repositories can become high-impact attack vectors without strict data governance, access controls, and regular security reviews.
