What happened
In December 2025 the University of Sydney disclosed a cyber and data breach affecting the personal information of more than 20,000 staff, affiliates and applicants, accessed through a third-party platform [usyd] [therecord-usyd]. The university notified affected people and privacy regulators.
Timeline
- 2025-12 — University of Sydney disclosed the breach; 20,000+ people affected [usyd].
Current status
Under investigation; affected individuals notified. Figures are as reported. [therecord-usyd]
Why it matters
Another third-party-platform breach in the higher-education sector — increasingly the most-targeted part of Australian education.