Data leak

Western Sydney University data breach (2025) — 10,000 students

Date: 2025-01-28
Vendor / Product: Western Sydney University SSO / identity management systems

Incident Details

Unauthorised access to Western Sydney University’s systems via the SSO service occurred between 28 January and 25 February 2025. Approximately 10,000 current and former students were notified on 15 April 2025. The stolen data included names, dates of birth, email addresses, phone numbers, student admission and enrolment details, tax file numbers, passport numbers, driver’s licence details, and visa information. A former WSU student, Birdie Kingston (27), was arrested and charged with 20 offences, including blackmail and accessing/modifying restricted data. This was WSU’s third breach in approximately one year. A second, separate incident in June–September 2025, via a third-party cloud system, exposed bank details and health records.

Technical Details

Initial Attack Vector: CWE-287: Improper Authentication (single sign-on (SSO) service compromised; insider/former student gained unauthorised access)
Vendor / Product: Western Sydney University SSO / identity management systems

Timeline

  1. 2025-01-28 Breach occurred
  2. 2025-04-15 Publicly disclosed
  3. 2025-04-15 Customers notified