Student Allegedly Hacks University Systems Over Personal Grievances
A former Western Sydney University student has been arrested for allegedly orchestrating a series of hacking incidents against the university’s database over four years. What began as an attempt to obtain cheaper campus parking reportedly escalated into altering academic records and threatening to sell sensitive student information on the dark web.
From Parking Discounts to Cybercrime
Police state that 27-year-old Birdie Kingston initiated unauthorized access to the university’s digital systems in 2021 while she was still a student. Initially, her hacking focused on exploiting the system to secure discounted or free parking on campus. However, as her technical skills improved, so did the severity of her actions.
Escalation of Offenses
Subsequent alleged offenses included manipulating her academic results — reportedly changing failing marks to passing grades — and finally downloading confidential data containing descriptions of students and staff. In late 2024, Kingston allegedly issued a ransom demand through a dark web forum, demanding approximately $40,000 in cryptocurrency in exchange for withholding the release of stolen data.
Police Investigation and Arrest
Law enforcement initiated a formal investigation after the university detected breaches in September 2023. That year, a search was conducted at a student residence connected to the suspect, and in June 2025, police seized computer equipment and over 100 gigabytes of data at a Kingswood apartment linked to Kingston.
Following these events, Kingston was charged with 20 offenses, including multiple counts of unauthorized access and modification of restricted data, deceptive financial gain, and making menacing demands. She was refused bail and is due to appear at the Penrith Local Court.
Impact on University Community
The university revealed that hundreds of staff and students were affected by the breaches. In response, Western Sydney University has strengthened its cybersecurity infrastructure, employing specialists and implementing advanced detection and defense technologies to prevent future incidents.
Despite the threats, the university did not pay the ransom, and authorities found no evidence that the stolen data was published or sold.
Motivations Behind the Crimes
Detective Acting Superintendent Jason Smith indicated that Kingston’s actions were driven by unresolved personal grievances with the university, describing the attacks as motivated by frustrations over several years where disputes were not resolved to her satisfaction.
Cybersecurity Challenges in Academic Institutions
Cybersecurity experts highlight universities are often vulnerable due to the complexity of their environments, where many users play multiple roles such as student and staff simultaneously, creating porous data protection layers. Offenders typically start with low-level exploits before moving to more critical systems.
Looking Ahead
The investigation continues under the banner of Strike Force Docker, with authorities examining the possibility of connections between this case and previous breaches dating back to 2021. The university remains committed to cooperating closely with law enforcement to uphold security and protect its community.
