Vice-President (Operations) Nicole Gower’s full message is below.

Dear colleagues,

I am writing to notify you of a cyber incident that recently occurred at the University of Sydney.

Last week we were alerted to suspicious activity in one of our online IT code libraries. We took immediate action to protect our systems and community by blocking the unauthorised access and securing the environment. While principally used for code storage and development, unfortunately there were also historical data files in this code library containing personal information about some members of our community. This incident is unrelated to yesterday’s student results issue.

We understand this news may cause concern, and we sincerely apologise for any distress this may cause. To our knowledge, the data has not been published.

Am I affected?

The unauthorised access includes a historical data file from a retired system containing personal information about staff employed at the University on 4 September 2018. This information includes the name, date of birth, phone number and home address of those staff as well as some basic job information (e.g. job title and employment dates).

While the data has been accessed and downloaded, there is currently no evidence it has been used or published. We are actively monitoring for any signs of use or publication and, should this occur, we will update you immediately.

We have provided further information below, including contacts for support and advice for securing your personal information online.

What action has the University taken?

We have notified relevant government authorities and are working with our cyber security partners to fully understand the scope of the situation. An investigation is underway and, given its complexity, we expect this process to continue into the new year. At this stage, the unauthorised access was limited to a single platform and did not affect other University systems.

What happens next? 

Notifications to impacted individuals will commence today. We aim to complete notifications in January 2026, when we estimate the full assessment of file reviews will be completed and we have contact details for all impacted individuals. Responses to frequently asked questions have been published and updates will be made available on our website.

We will continue to keep you updated as the formal investigation progresses and directly contact affected current and former staff. We will also be communicating with other relevant members of our community, including some small cohorts of students and alumni.

We take our cyber security responsibilities seriously and have engaged expert partners to assist with incident response. Over the past three years, we have implemented an extensive program to review and strengthen our data management practices. We continue to enhance these processes to protect against similar incidents, with work ongoing under the Privacy Resilience Program. The identified datasets have been purged from the code library, and we are now investigating what further actions are necessary to ensure ongoing best practice. 

Kind regards, 

Nicole

Nicole Gower
Vice-President (Operations) 

What we know so far

The code library is used for code storage and development. A number of data files containing personal information were also located in the code library. We believe these are historical extracts primarily used for testing purposes at the time the code was developed.

Our current investigations indicate the accessed data includes:

• personal information of around 10,000 current staff and affiliates, that were employed or affiliated as at 4 September 2018
• personal information of around 12,500 former staff and affiliates, that were employed or affiliated as at 4 September 2018
• a series of historical data sets predominantly from 2010-2019 containing personal information of around 5000 alumni and students, as well as six supporters.

Notifying affected individuals

We are carefully working through the data to identify all members of our community who are affected, so we can inform them and provide appropriate support. Notifications to impacted individuals will commence today, aiming to be completed in January 2026 when we estimate the full assessment of file reviews will be completed and we have contact details for all impacted individuals.

We have provided general advice on the precautions people can take to lower the risk of their accessed data being misused below.

Steps we have taken in response to the cyber breach

As soon as we became aware of the cyber breach, we acted by:

• blocking the unauthorised access to the online code library
• commencing an investigation to understand the scope of the issue and identify those affected
• implementing our cyber security procedures to ensure heightened security of other University systems
• purging the identified datasets from the code library
• contacting relevant authorities, including the NSW Privacy Commissioner, Australian Cyber Security Centre, the Tertiary Education Quality and Standards Agency, the National Student Ombudsman, and ID Support NSW
• continuing to work with our expert cyber security partners to establish whether any of the data has been disclosed online and assist with the incident response.

Support available to you

We understand that this news may be distressing, and there are resources available at the University and externally to support you.

Cyber incident support form

• A dedicated service is being established to answer questions and affected members of our community can contact the service using the cyber incident support form. The dedicated service will continue to operate over the University closedown period of 20 December 2025 to 5 January 2026 (excluding public holidays).

Support for staff

• Our staff counselling and coaching partner, Converge International, has been briefed, and can provide specialist support for anyone affected. 24/7 counselling services and wellbeing support is available for any staff or their immediate family members.
• Affected staff will be contacted directly by the University with further information. Individual notifications will commence today and we are aiming to complete individual notifications in January 2026 when the full assessment of file reviews has been completed.
• Safer Communities provides confidential, free support to students and staff who have experienced sexual assault, sexual harassment or domestic and family violence.
• The SafeZone app provides 24/7 support and connects students and staff directly with Protective Services and emergency teams when you’re on campus, or directly with emergency services if you’re off campus.

Support for students

• Student Wellbeing services are free and confidential for all students, including international and offshore students, and can be contacted 24/7.
• Safer Communities provides confidential, free support to students and staff who have experienced sexual assault, sexual harassment or domestic and family violence.
• The SafeZone app provides 24/7 support and connects students and staff directly with Protective Services and emergency teams when you’re on campus, or directly with emergency services if you’re off campus.

Support from government agencies

• ID Support NSW offers assistance for individuals dealing with identity theft, data breaches or scams.  ID Support advisors provide free personalised advice and assistance to help mitigate the risk of identity misuse. You can contact ID Support on 1800 001 040, Monday to Friday from 9am to 5pm, excluding public holidays. Translation services are available. Visit the website to access free identity protection tools and resources.
• The Office of the Australian Information Commissioner website hosts a dedicated data breach support page, which includes data breach support and resources.
• IDCARE: Australia’s national identity and cyber support service can connect you with a specialist identity and cyber security counsellor.
• Beyond Blue: Mental health information and support. Phone: 1300 224 636.
• Lifeline: Mental health information and support. Phone: 13 11 14.
• Domestic and family violence support: Call 1800RESPECT or visit https://1800respect.org.au/. Additional support is available on the NSW Domestic and family violence support website. 

General cyber security advice and support

General advice on the precautions people can take to lower the risk of their accessed data being misused includes: 

• Be vigilant: Monitor your online activities, observe personal, financial, and University accounts for any unusual or suspicious activity. Be alert to phishing emails or calls that may appear to come from trusted sources that request personal information.
• Change passwords: Change your passwords for your online accounts and always use multi-factor authentication where you can.
• Report: If you suspect your information is being misused, report it to local law enforcement and the University Cyber Security Team.
• Tell your family and friends: Please let your family and friends know about this incident. Tell them to contact you directly if they have any suspicions that your personal information is being misused or someone is pretending to be you.
• Don’t share on social media: To avoid scammers, we recommend you don’t share this notice on social media.
• Verify incoming messages and texts: Make sure messages are coming from a trusted source before you respond to them.
• Find out more about the University’s approach to cyber security.

If the support you require has not been listed here, and you would like someone to call you, please use the additional assistance form, and include your preferred contact.

Next steps

We will continue to keep our community updated as the formal investigation progresses, including directly contacting current and former staff, students and alumni who have been affected by this cyber incident.