A former WesternSydneyUniversity student allegedly waged a four-year hacking campaign on the institution which began as an attempt to secure discounted parking on campus and culminated in her threatening the sale of student information on the dark web.
The 27-year-old was arrested on Wednesday and charged with 20 offences including accessing or modifying restricted data on a computer, dishonestly obtaining financial advantage by deception, and unauthorised modification of data with intent to cause impairment.
Police allege the woman initially exploited the university’s system’s to get cheaper parking, but as her offending escalated, she allegedly altered her academic results and eventually threatened to sell confidential student data on the dark web.
“We’re aware that there are a number of grievances … which were not resolved to their liking, and we believe that that’s the driving factor behind the offending,” Det Acting Supt Jason Smith said on Thursday.
Sign up for Guardian Australia’s breaking news email
Police seized more than 100 gigabytes of data along with computers, servers and mobile devices in the raid on a unit at Kingswood in Sydney’s west.
Since 2021, Western Sydney University has experienced a series of hacks involving unauthorised access, data exfiltration, system compromise and misuse of university infrastructure – including someone threatening the sale of student information on the dark web, police said.
Police said it was estimated hundreds of university staff and students were affected by these incidents.
The former electrical engineering student allegedly started holding the university to ransom from November 2024, eventually demanding $40,000 in cryptocurrency to stop her revealing sensitive data about staff and students.
Police had searched the student’s residence in September 2023 before Wednesday’s raid of her apartment resulted in her arrest and 21 fraud and cyber charges.
She was remanded in custody ahead of a court appearance in Parramatta on Friday morning.
Western Sydney University said the attacks had a significant impact on the university community and upgrades were made to prevent future attacks.
Sign up toBreaking News Australia
Get the most important news as it breaks
after newsletter promotion
“This includes employing specialist staff, implementing new technologies that enhance our ability to detect, respond to and defend against threats to our digital environment,” it said in a statement.
University of Queensland cybersecurity expert Ryan Ko said universities could be more “porous” in data protection than other institutions.
“Many different people take multiple roles – for example, there are postgraduate students who are both student and staff, so it’s a bit more complicated,” Prof Ko said.
Prof Ko said it was common for individuals committing cyber-attacks to start with low-level hacks and progress to more sensitive systems.
“They tend to be opportunistic. They look for the lowest hanging fruit, in this case parking,” he said.