🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇦🇺 AU › Education

University of Sydney

🇦🇺 Sydney, NSW · The University of Sydney · Record AU-2025-0320
● Confirmed
People affected
20,000+
Breach date
2025-12
Regulator
OAIC; IPC NSW
Trust tier
A · Confirmed

Data exposed

Personal information of staff, affiliates and applicants (via a third-party platform) Confirmed

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In December 2025 the University of Sydney disclosed a cyber and data breach affecting the personal information of more than 20,000 staff, affiliates and applicants, accessed through a third-party platform [usyd] [therecord-usyd]. The university notified affected people and privacy regulators.

Timeline

  • 2025-12 — University of Sydney disclosed the breach; 20,000+ people affected [usyd].

Current status

Under investigation; affected individuals notified. Figures are as reported. [therecord-usyd]

Why it matters

Another third-party-platform breach in the higher-education sector — increasingly the most-targeted part of Australian education.

GGOVERN Tabletop Exercises · Govern house Keep the campus running when the systems go dark. Book a Discovery Call →