Statement relating to an arrest following Western Sydney University data breaches

 

The Privacy Commissioner is aware of recent media regarding the arrest of a former student for a series of alleged cyber hacks on Western Sydney University.

Western Sydney University has experienced several breaches over the past few years, affecting a number of former and current students. 

The Information and Privacy Commission (IPC) has engaged with the University about the breaches under the MNDB Scheme.

People who believe they are affected by these breaches or who have been notified and would like more information should contact Western Sydney University on 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST) or visit their website: https://www.westernsydney.edu.au/news/cyber-details 

The IPC also has information on support services available to help those impacted by a data breach, available via its website

The IPC does not comment on the details of individual matters. Investigations of incidents are undertaken independently by the agency involved with reporting obligations required under the MNDB Scheme.

The Privacy Commissioner reminds all NSW public sector agencies bound by NSW privacy legislation of their obligations to protect and secure the personal information that they hold including to only collect the personal information necessary and to not hold it for longer than is necessary. Agencies need to apply both administrative and technical controls in the protection of personal information.

The IPC has guidance available via its website to support agencies in meeting their obligations.

 

ENDS

 

For further information, please contact:

The Manager, Communications and Corporate Affairs on 0435 961 691 or email communications@ipc.nsw.gov.au

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent integrity agency that supports the NSW Information Commissioner and the NSW Privacy Commissioner.  Its vision is that privacy and access to government information are valued and protected in NSW. The Information Commissioner is the chief executive of the Commission. 

About the NSW Privacy Commissioner

Ms Sonia Minutillo was appointed as the Privacy Commissioner in March 2025. As Privacy Commissioner, her role includes the promotion of public awareness and understanding of privacy rights in NSW, as well as providing information, support, advice and assistance to agencies and the public.

The Privacy Commissioner administers the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).

For further information about the IPC visit our website at www.ipc.nsw.gov.au 

Aboriginal and Torres Strait Islander Flags
We acknowledge Aboriginal and Torres Strait Islander peoples as custodians of Australia and pay our respects to Elders, past and present. We also acknowledge the ongoing connection to land, sea and communities throughout Australia, and the contributions to the lives of all Australians. 

IPC logo.

© IPC

CC logo

Navigate

Useful links

IPC Social Media

   Linkedin

 

IPC Social Media Terms of Use