According to communications to staff sent by Sydney University’s vice-president of operations, Nicole Gower, as seen by The Australian, the hackers accessed the university’s online code library, where they exfiltrated “historical files”.
“While principally used for code storage and development, unfortunately there were also historical data files in this code library containing personal information about some members of our community,” Gower said in a statement on the university website.
“We understand this news may cause concern, and we sincerely apologise for any distress this may cause.”
Data reportedly includes the personal data, including names, birth dates, home addresses, phone numbers, job titles and employment dates of the 7,945 staff that worked for the university on 4 September 2018.
Additionally, the personal information of six donors and 5,000 former students and alumni was stolen from data sets between 2010 and 2019.
Gower added that the university believes no data has yet been published.
“We have found no evidence of misuse but will communicate with staff again if we discover any such publication,” Gower said.
“We recommend individuals take proactive steps to protect their information as a precautionary measure.”
The university has begun an investigation into the incident and has notified relevant government authorities. Additionally, it has confirmed that no other systems were impacted.
Gower added that notifications will be sent to students starting today (18 December 2025).
The university clarified that this incident is not connected to another issue in which students were sent the wrong results for their semester 2 subjects.
“We know this could have caused stress and confusion – support is available for anyone who may need it,” the university said.
Daniel Croft